THIS THREAD NAME EDITED JULY 10, 2021. CHANGED TO MAKE THIS A GENERAL TECH THREAD.
What do any of you know about the MS Print Spooler vulnerability that needs a patch?
I instructed my team to set their print spooler service to manual and to start it just while printing and to stop otherwise. I guess that’s about as good as can be done until a patch is released, right?
A quick google search comes up with this, any good to you?
Don’t get me to lyin! I know just enough to get into trouble which is why I was asking as I know there are folks on here (like you) far more knowledgeable and who would probably recognize straight away if my approach was adequate.
Good article @grubby. @SthrnMixer, you can just disable it (or force a non-Microsoft solution).
More interesting …
In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting) UpdatePromptSettings = 0 (DWORD) or not defined (default setting)
Reference:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
I just changed the thread title. Figured it’s nice to have a place to share certain info with the community, particularly anything security related. And with that…
I know most of this is fairly common knowledge, but without a doubt there are things in this video which some people don’t know. The guy goes pretty quick, so it may be a good idea to watch it a couple of times. Great information though.
Microsoft finally delivered me the patch for PrintNightmare. So I searched for it, KB5004945, and found this article.
The article states:
How to fix Windows 10 KB5004945 issues
As expected, Microsoft has deployed a server-side fix to remotely address printing failures caused by the security update. The emergence fix is rolling out automatically via Windows Update and users can try to force the patch by checking for updates in Windows Update and then restarting your device.
It’s worth noting that you won’t see a new update or notification on the Windows Update screen. This update happens silently in the background. To verify the server-side fix for KB5004945 issues, use these steps:
- Open the Registry Editor via Windows Search .
- In Registry Editor, navigate to the following path:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FeatureManagement\Overrides\4\1861952651
- If you see see “ 1861952651 ” (KIR) under Overrides\4\ folder, it means the patch has been applied and printers should work again.
I checked my registry before installing the update, and the KIR was there. So I installed the update, restarted the Print Spooler service and did a test print. Everything worked as normal.
This is my tech experience today! 4 fuel injector’s pulled from my Ford V8 Diesel, in my garage. Go pick up the new one’s in the morning, and start putting it back together. Dealership wanted $900 in labor…I watched a video on you tube and did it myself. I do have a mechanic background too, so that helps. Only one was bad, but it’s a pain(tight quarter’s) to get it stripped down, and made sense to me to do all on that side. Did the other bank of cylinder’s last fall.
