PrintNightmare - What Shall I Do?

With Kaseya VSA currently dominating the majority of the headlines, a vulnerability within the Microsoft OS is going relatively undiscussed.

PrintNightmare, as it is known, is an actively exploited vulnerability in the Windows Print Spooler, a service enabled by default within Windows.

More information from the official Microsoft page is available here

What shall I do?

It is recommended that where possible, the Print Spooler service should be stopped. At the current time there is no patch available!

Assuming the device in question is not a print server, this is usually an acceptable step.

To stop the print spooler we have included some instructions below:

Method One

Open PowerShell as Administrator and run:

Stop-Service -Name Spooler -Force

Set-Service -Name Spooler -StartupType Disabled

Method Two

Disable the service via the registry by running the command below, which changes the following reg key:

REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Spooler" /v "Start" /t REG_DWORD /d "4" /f

If it is easier, as we suspect it will be for many MSPs, we have included below a script for changing the reg key; this can be copied and pasted into your RMM platform.

reg add "HKLM\Software\Policies\Microsoft\Windows NT\Printers" /v RegisterSpoolerRemoteRpcEndPoint /t REG_DWORD /d 2 /f

net stop spooler

net start spooler
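
An added example, not part of the original post: a PowerShell script for an RMM platform that applies Method One only when the host shares no printers, then reports the service state and the policy value set by the script above. The -Apply switch and the function names are assumptions made for this illustration.

```powershell
# Added example (not from the original post). Run from an elevated session.
# Without -Apply the script only reports; with -Apply it performs Method One
# on hosts that are not sharing printers.
[CmdletBinding()]
param(
    [switch]$Apply   # hypothetical switch name chosen for this example
)

function Get-SpoolerState {
    # Service state and start mode as Windows reports them
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    # Policy value written by the reg add script; absent if never set
    $policyPath = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers'
    $policy = Get-ItemProperty -Path $policyPath `
        -Name RegisterSpoolerRemoteRpcEndPoint -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Status          = $svc.State       # Running / Stopped
        StartMode       = $svc.StartMode   # Auto / Manual / Disabled
        RemoteRpcPolicy = $policy.RegisterSpoolerRemoteRpcEndPoint
        ServiceDisabled = ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
    }
}

function Test-SharesPrinters {
    # Win32_Printer is served by the spooler, so only call this while it runs
    $shared = Get-CimInstance -ClassName Win32_Printer -Filter "Shared=True" `
        -ErrorAction SilentlyContinue
    return [bool]$shared
}

$before = Get-SpoolerState
if ($Apply -and -not $before.ServiceDisabled) {
    if ($before.Status -ne 'Running') {
        # Cannot tell whether this is a print server, so change nothing
        Write-Warning 'Spooler is not running; shared-printer check skipped, no change made.'
    } elseif (Test-SharesPrinters) {
        Write-Warning 'Host shares printers (print server); Spooler left running.'
    } else {
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
    }
}

# Emit the final state so the RMM platform can collect it per device
Get-SpoolerState
```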

Jason Kemsley