Windows Print Spooler Security Vulnerability
INTRO
- On 7/6/21, we were informed of a serious vulnerability in Windows's print spooler that would allow someone on your network (e.g., someone on the same VPN as you) to gain access to your Windows PC/laptop... if the Print Spooler is configured to accept print client connections. By default, it looks as though most systems are configured to accept print client connections (and those are typically used when someone on a Windows system wants to print to a printer that might be connected locally to your Windows system.) But, because that option might be active as a Windows default, your system may be vulnerable, and you must take action.
- Therefore, you must disable your system's ability to accept print client connections option right away, until Microsoft comes up with an official patch. Once Microsoft releases a patch, we are thinking it will probably become one of the Windows Updates that your PC will download at Updates time. As more information is made available, we will update this page. But, in the meantime, you will need to disable the print client connections option. We have included instructions below for you to do so.
- You may read about the vulnerability here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Temporary Solution To Disable Accepting Print Client Connections... Until Microsoft Releases A Patch
- In your Windows search window, bottom left, type Edit Group Policy.
- Click on Edit Group Policy. If your system needs it, you will be prompted for your admin account credentials (including your admin username and admin password, if they are not the same as your user account.) This will bring up the Local Group Policy Editor.
- Click on the down arrow to the left of Computer Configuration on the left-hand pane. This will provide a drop-down of choices.
- Click on the down arrow to the left of Administrative Templates
- Click on Printers.
- Over on the right-hand pane, double-click on Allow Print Spooler to accept client connections. (You might need to scroll towards the bottom to find it.) This brings up the the Allow Print Spooler to accept client connections. window.
- Click on Disabled, and hit OK. (If it was already set to Disabled, you're already done, just hit Cancel, and you may continue working on your system.)
- NOTE: If the option Not Configured was already selected, it so happens that, by default, Allow Print Spooler to accept client connections is already enabled, So, you still must mark it as Disabled.
- Exit out of the Local Group Policy Editor
- Reboot your system for this change to Disabled to take effect.
- Once Microsoft releases a specific patch for this issue, and you verify it has been installed, you can then choose to reverse the process and allow print clients once again for those who need that option active.
If You're Having Issues Accessing The Local Group Policy Editor
- In the above steps, you're editing the Local Group Policy Editor. If for some reason, you can't seem to find the Local Group Policy Editor, here are some other methods to access it...
- 1) Launch Control Panel . In Control Panel, there should be a search bar in the upper right. Type groupinto the search bar and you should see something on the left that includes Administrative Tools, under which, there should be an option to Edit Group Policy. Choose Edit Group Policy.
- or...
- 2) Press Windows key + R to open the Run menu, enter gpedit. msc and hit Enter to launch the Local Group Policy Editor.