How to Mitigate the Print Nightmare Printer Security Risk

Jul 9, 2021 | Bob Secord

There is a new severe vulnerability called Print Nightmare. It has a Common Vulnerability Scoring System (CVSS) score of 8.8. Microsoft released the update yesterday and today, but it does not close all attack vectors at this time. Below are some steps we have compiled to help your team mitigate this vulnerability risk.

Steps to Mitigate the Print Nightmare Vulnerability Risk

1. Entirely disable the Print Spooler service on all security-sensitive servers (for instance, domain controllers, SQL servers, Exchange servers), ideally via GPO (Computer Configuration > Policies > Windows Settings > Security Settings > System Services > Print Spooler Service). Note that if performed on endpoints or print servers, this can disrupt local printing operations as well as print-to-PDF. We recommend doing this only on infrastructure servers.

Reference articles

Disable Print Spooler Service on Domain Controllers

How to Mitigate Print Spooler Print Nightmare Vulnerability

 

2. Create a GPO limited to your print servers and set the “Allow Print Spooler to accept client connections” policy setting to Enabled. (Computer Configuration > Administrative Templates > Printers).

Reference articles

MSRC Microsoft Update Guide Vulnerability

Microsoft Policies Printing

 

3. Create a GPO for all security-sensitive servers (for example, domain controllers, SQL servers, Exchange servers) and set the “Allow Print Spooler to accept client connections” policy setting to Disabled. (Computer Configuration > Administrative Templates > Printers).

Reference articles

MSRC Microsoft Update Guide Vulnerabilities

Microsoft Policies Printing

 

4. Set RestrictDriverInstallationToAdministrators to 1 on print servers by GPO, located under HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint.

Reference articles

Restricting Installation of New Printer Drivers

 

5. Create a GPO to affect all servers and endpoints that configures the “Point and Print Restrictions” option (Computer Configuration > Administrative Templates > Printers > Point and Print Restrictions).

Reference articles

Bleeping Computer News Print Nightmare Vulnerability

MSRC Microsoft Update Guide Vulnerabilities (scroll down to FAQ)

Microsoft Policies Printing
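
A read-only way to check a host against the five steps above, added here as an example (it is not Coretek's or Microsoft's script). The -Role labels are hypothetical names for this script; RegisterSpoolerRemoteRpcEndPoint (1 = Enabled, 2 = Disabled) is the registry value behind the “Allow Print Spooler to accept client connections” policy, and the step 5 check assumes Microsoft's Print Nightmare guidance that NoWarningNoElevationOnInstall and UpdatePromptSettings should be 0 or not defined.

```powershell
# Added example: read-only audit of steps 1-5; it changes nothing on the host.
# -Role values are hypothetical labels for this script. Needs PowerShell 5+ (StartType).
param(
    [ValidateSet('SensitiveServer', 'PrintServer', 'Endpoint')]
    [string]$Role = 'Endpoint'
)
$printers = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers'
$pnp      = Join-Path $printers 'PointAndPrint'

# Return a policy value, or nothing when the key or value is not defined.
function Get-PolicyValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function New-Finding([string]$Check, [bool]$Ok, $Actual) {
    [pscustomobject]@{
        Check  = $Check
        Result = if ($Ok) { 'OK' } else { 'REVIEW' }
        Actual = if ($null -eq $Actual) { '(not set)' } else { $Actual }
    }
}

$findings = @()
$spooler  = Get-Service -Name Spooler -ErrorAction SilentlyContinue
$rpc      = Get-PolicyValue $printers 'RegisterSpoolerRemoteRpcEndPoint'

if ($Role -eq 'SensitiveServer') {
    # Step 1: the spooler should be disabled and not running (or absent).
    $off = ($null -eq $spooler) -or ($spooler.StartType -eq 'Disabled' -and $spooler.Status -eq 'Stopped')
    $findings += New-Finding 'Step 1: Print Spooler disabled' $off "$($spooler.StartType)/$($spooler.Status)"
    # Step 3: "Allow Print Spooler to accept client connections" = Disabled (2).
    $findings += New-Finding 'Step 3: client connections Disabled' ($rpc -eq 2) $rpc
}
if ($Role -eq 'PrintServer') {
    # Step 2: the same policy explicitly set to Enabled (1) on print servers.
    $findings += New-Finding 'Step 2: client connections Enabled' ($rpc -eq 1) $rpc
    # Step 4: only administrators may install printer drivers.
    $restrict = Get-PolicyValue $pnp 'RestrictDriverInstallationToAdministrators'
    $findings += New-Finding 'Step 4: RestrictDriverInstallationToAdministrators = 1' ($restrict -eq 1) $restrict
}
# Step 5 (every role): Point and Print must not suppress warnings or elevation prompts.
foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
    $v = Get-PolicyValue $pnp $name
    $findings += New-Finding "Step 5: $name is 0 or not set" (($null -eq $v) -or ($v -eq 0)) $v
}
$findings | Format-Table -AutoSize
```

Rows marked REVIEW show where the effective policy on that host differs from the step for its role, for example after a GPO has been linked but not yet applied.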

 

Additional Information

Patching to the latest security update does not seal all attack vectors.

 

Need Some Security Help?

We build security into every layer of our service. Contact us if you need some security help at your business!



Copyright © 2021 Coretek Services