How to Avoid Windows' 'PrintNightmare' Security Threat

Photo by Diego Cervo (Shutterstock)

Microsoft warns that there is a potential zero-day security vulnerability in Windows Print Spooler code. Although Microsoft hasn't yet identified the exact severity of the vulnerability, the name PrintNightmare sounds awful.

According to the company, outside users could exploit PrintNightmare to gain elevated administrator privileges or remotely execute code. It is an invitation for hackers to take control of a computer and install malware or ransomware, or steal data. This is real black hat stuff.

PrintNightmare is a problem with the Windows Print Spooler. It affects all Windows versions, including those installed on personal computers, corporate networks, Windows Servers, and Domain Controllers. A fumbled proof-of-concept (PoC) attack has already led to Print Spooler being actively exploited.

Sangfor security researchers discovered the PrintNightmare exploit and other zero-day flaws within the Windows Print Spooler services. As part of a presentation about the flaws, the group created PoC exploits. The researchers believed that the vulnerabilities had already been patched and published the exploits on GitHub.

Although Microsoft has patched some zero-day Print Spooler vulnerabilities with a security update, PrintNightmare is still unpatched. Although Sangfor's original PrintNightmare PoC has been removed from GitHub, it was still available for download.

Microsoft claims it is working on a patch for the PrintNightmare flaw. However, there is evidence that the PoC exploit was used. The exploit is most dangerous to enterprises and businesses, but general users could also be vulnerable. Microsoft urges users to disable Windows Print Spooler on their computers.

Administrators can disable and restore Windows Print Spooler or remote printing using a group policy. However, general users will need to turn it off using PowerShell commands. This will protect your computer against any PrintNightmare threats.

To disable Windows Print Spooler, use the taskbar or Windows' Start menu to open PowerShell. Next, run this command:

Stop-Service -Name Spooler -Force

Keep Windows Print Spooler disabled until Microsoft's patch becomes available. After the patch is installed, you can enable Print Spooler services again in PowerShell by using these commands:

Set-Service -Name Spooler -StartupType Automatic
Start-Service -Name Spooler

[The Verge]
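The disable-and-restore procedure above, written as a pair of PowerShell functions that also verify the result. This is an added example, not code from the original article or from Microsoft. The function names are hypothetical, and setting the startup type to Disabled is a step the article does not give, included here as an assumption so the service stays off across reboots. Run it from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example; function names are hypothetical, not part of any Microsoft module.

function Get-SpoolerState {
    # Win32_Service reports both the running state and the configured start mode.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'" |
        Select-Object Name, State, StartMode
}

function Disable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    if ($PSCmdlet.ShouldProcess('Spooler', 'Stop service and disable startup')) {
        # The command the article gives: stop the running service.
        Stop-Service -Name Spooler -Force -ErrorAction Stop
        # Assumption beyond the article: prevent the service from
        # starting again at the next boot.
        Set-Service -Name Spooler -StartupType Disabled

        # Verify rather than trust: fail loudly if the spooler is still live.
        $state = Get-SpoolerState
        if ($state.State -ne 'Stopped' -or $state.StartMode -ne 'Disabled') {
            throw "Spooler not fully disabled: State=$($state.State), StartMode=$($state.StartMode)"
        }
    }
    Get-SpoolerState
}

function Enable-PrintSpooler {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    if ($PSCmdlet.ShouldProcess('Spooler', 'Restore automatic startup and start service')) {
        # The two commands the article gives for use after the patch is installed.
        Set-Service -Name Spooler -StartupType Automatic
        Start-Service -Name Spooler -ErrorAction Stop
    }
    Get-SpoolerState
}

# Preview the change without applying it:
#   Disable-PrintSpooler -WhatIf
# Apply it, then restore once the patch is installed:
#   Disable-PrintSpooler
#   Enable-PrintSpooler
```

While the spooler is disabled, the machine cannot print locally or to network printers.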