Last week, Windows was affected by a new security flaw: PrintNightmare. This flaw, registered as CVE-2021-34527, allows an attacker to execute code remotely on any PC with SYSTEM permissions. Several exploits for it are circulating on the Internet and, furthermore, there is currently no fix. Microsoft will not release its official patch for the vulnerability until next week. However, if we don't want to take unnecessary risks until then, there are several ways to mitigate the problem.
First of all, we must point out that this vulnerability mainly affects Windows Server computers and other versions of Windows joined to a domain. However, if changes have been made to the default settings of Windows 10, the flaw can also compromise that system.
Official solutions for PrintNightmare
There are two official ways, recommended by Microsoft, to protect ourselves from this vulnerability.
Disable Print Spooler
This is the simplest method to protect ourselves from this flaw, although we must be clear that, as long as the service is disabled, we will not be able to print anything from that computer.
To do this, we must open a PowerShell window with administrator permissions and execute the following commands in it, in order:
- Run Get-Service -Name Spooler
- Run Stop-Service -Name Spooler -Force
- Stop-Service -Name Spooler -Force
- Set-Service -Name Spooler -StartupType Disabled
The third command stops the service, and the fourth disables it. When Microsoft releases the final patch, we must re-enable the Print Spooler to be able to print on the PC normally again.
Disable remote printing
Another way to protect ourselves from this security problem is to disable the remote printing functions. To do this, we must open the Group Policy editor (by running the gpedit.msc command) and go to the Computer Configuration > Administrative Templates > Printers section. Here we double-click the "Allow Print Spooler to accept client connections" entry and set this policy to "Disabled".
We apply the changes, accept, and that's it. Now this security issue can no longer be exploited remotely.
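The following script is an added example, not part of the original article or of Microsoft's guidance. It audits both mitigations described above, and can apply the Print Spooler one or roll it back once the official patch is installed. It assumes Windows PowerShell 5.1 or later, that the Spooler's original startup type was Automatic, and that the remote printing policy is stored in the RegisterSpoolerRemoteRpcEndPoint registry value (a detail not given in the article).

```powershell
#Requires -RunAsAdministrator
# Added example: audit, apply or roll back the Print Spooler mitigation.
param(
    [ValidateSet('Audit', 'Apply', 'Restore')]
    [string]$Mode = 'Audit'
)

function Get-SpoolerState {
    $svc = Get-Service -Name Spooler -ErrorAction Stop

    # Registry value behind the "Allow Print Spooler to accept client
    # connections" policy: 2 = Disabled, 1 = Enabled, absent = Not configured.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $rpc = (Get-ItemProperty -Path $key -Name RegisterSpoolerRemoteRpcEndPoint `
            -ErrorAction SilentlyContinue).RegisterSpoolerRemoteRpcEndPoint

    if     ($rpc -eq 2) { $policy = 'Disabled' }
    elseif ($rpc -eq 1) { $policy = 'Enabled' }
    else                { $policy = 'Not configured' }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        ServiceStatus    = $svc.Status
        StartType        = $svc.StartType
        RemotePolicy     = $policy
        # Mitigation 1: service stopped AND prevented from starting again.
        SpoolerDisabled  = ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')
        # Mitigation 2: policy explicitly set to Disabled.
        RemotePrintingOff = ($rpc -eq 2)
    }
}

switch ($Mode) {
    'Apply' {
        # Same two commands as in the article: stop, then disable.
        Stop-Service -Name Spooler -Force
        Set-Service  -Name Spooler -StartupType Disabled
    }
    'Restore' {
        # Only after the official patch is installed.
        # Automatic is assumed to be the original startup type.
        Set-Service   -Name Spooler -StartupType Automatic
        Start-Service -Name Spooler
    }
}

# Always finish by reporting the resulting state so the change can be verified.
Get-SpoolerState
```

Run without arguments, the script only reports the current state; a machine is covered by the first mitigation when SpoolerDisabled is True and by the second when RemotePrintingOff is True.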
New 0Patch patch against PrintNightmare
0Patch is a tool that provides users with micro-patches to fix all kinds of bugs and vulnerabilities. Unlike the updates that Microsoft releases for its operating system, which basically detect and replace vulnerable libraries, 0Patch applies hot patches. These patches locate the vulnerable code in RAM and patch it directly there. In this way users are protected and the integrity of Windows is not altered.
This company has just released a series of free hot patches to protect users from these problems. These patches are available for all editions of Windows Server, from 2012 to the latest 2019, and will allow all users to protect themselves with a couple of clicks, without altering any system file. The patches will be free until Microsoft releases its own.
These patches can also be used in Windows 10, although they can cause problems since they were not designed for it.