Mitigation measures for Windows Print Spooler Remote Code Execution Vulnerability

“PrintNightmare” was a widely reported vulnerability in the Windows Print Spooler service. It affected almost all Windows 10 versions, including the most recent May 2021 update (version 21H1) and the October 2020 update (version 20H2).

Thankfully, Microsoft fixed this vulnerability by releasing multiple Windows updates. Check for the updates under Update & Security > Windows Update, and apply the June update.

If you are not able to use the automatic Windows Update procedure, you can also install the emergency update manually from the Microsoft Update Catalog.

This patch, however, is not complete, and attackers can still abuse the vulnerability. It is therefore better to keep the Windows Print Spooler service disabled until a proper fix is released.

You can disable the Print Spooler service on Windows in two ways: using PowerShell or using the Group Policy editor.

Mitigate PrintNightmare vulnerability using PowerShell

  • Press Windows + X to go to the Start menu,
  • Then, click Windows PowerShell and run it as administrator,
  • Now, enter this command to stop the spooler service: Stop-Service -Name Spooler -Force
  • Next, enter this command to block the Print Spooler service from starting again in the future: Set-Service -Name Spooler -StartupType Disabled

You can re-enable it anytime later by using the following two commands:

  • Set-Service -Name Spooler -StartupType Automatic
  • Start-Service -Name Spooler

Disable Print Spooler service in Windows 10 using Group Policy editor

  • Open Windows Search and type gpedit.msc. This opens the Local Group Policy Editor,
  • In the Group Policy Editor, navigate to Computer Configuration > Administrative Templates > Printers,
  • Now, double-click the “Allow Print Spooler to accept client connections” policy,
  • Then, select the Disabled option and confirm with OK.

Microsoft confirms that when this policy is disabled, the spooler automatically rejects client connections and prevents you from sharing printers. However, printers that are already shared will continue to be shared.

You must restart the spooler service for the policy change to take effect. The steps are:

  • On the Start menu, type Services,
  • Double-click Print Spooler in the list,
  • Click Restart and confirm with OK.

You can re-enable the Print Spooler service using the Group Policy editor at any time by selecting the Not Configured or Enabled option on the “Allow Print Spooler to accept client connections” policy, then clicking Apply and then OK.
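
To confirm which of the two mitigations above is actually in effect on a machine, the following read-only check can be used. It is an added example, not part of the original article or Microsoft's guidance. The function name is hypothetical, and the registry path and value name used for the Group Policy setting are an assumption not stated on this page.

```powershell
# Added example: read-only check of the two mitigations described above.
# Assumption (not from the page): the "Allow Print Spooler to accept client
# connections" policy is stored under this key; 1 = Enabled, 2 = Disabled.
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyValue = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerMitigationState {
    # Win32_Service reports both the run state and the startup mode.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) { throw 'Spooler service not found on this host.' }

    # A missing key or value means the policy is Not Configured.
    $raw = (Get-ItemProperty -Path $PolicyKey -Name $PolicyValue -ErrorAction SilentlyContinue).$PolicyValue
    $policy = if ($raw -eq 2) { 'Disabled' } elseif ($raw -eq 1) { 'Enabled' } else { 'Not Configured' }

    # Printers shared before the policy change stay shared, so list them.
    # Get-Printer needs a running spooler; skip the query when it is stopped.
    $shared = @()
    if ($svc.State -eq 'Running') {
        $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object Shared | Select-Object -ExpandProperty Name)
    }

    if ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled') { $verdict = 'Service stopped and disabled' }
    elseif ($policy -eq 'Disabled') { $verdict = 'Policy rejects client connections; spooler still runs (restart it after a policy change)' }
    else { $verdict = 'Neither mitigation applied' }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServiceState      = $svc.State       # Running / Stopped
        StartMode         = $svc.StartMode   # Auto / Manual / Disabled
        ClientConnections = $policy
        SharedPrinters    = $shared -join ', '
        Verdict           = $verdict
    }
}

Get-SpoolerMitigationState | Format-List
```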