Patches needed along with Group Policies and registry entries needed to prevent security compromises from these issues.
Applies To
Windows Server 2008 R2 through 2019
and
Windows 7 through current version of Windows 10
Resolution/Fix/Answer
There is a lot of confusion and many different sources and items necessary to protect your systems from the vulnerabilities all dubbed "Print Nightmare". The following information explains our recommendations on how you can update your system to reduce your vulnerability the "Print Nightmare" exploit.
To start, the simplest solution is to disable the print spooler on all systems that do not need printing and importantly on Active Directory Servers.
With that said, there are going to be systems that need to print. The Flow chart below will assist with guiding you through that but here is a break down of those items.
#1 - Ensure the system has Microsoft Windows patch 2021-07 Cumulative Security Update.
#2 - Disable Remove printing via Group Policy at the domain or local policy.
Here is the setting from Microsoft's KB:
Computer Configuration / Administrative Templates / Printers
Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.
#3 - Ensure the following registry entry is not present or set to 0
In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
- NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
- UpdatePromptSettings = 0 (DWORD) or not defined (default setting)
Source of this workflow is from the grc.com link below and supported by the Microsoft KB article that outlines the steps.
Cause
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
(Less technical Explanation)
(Very Technical Explanation and workflow diagram source)
https://www.grc.com/sn/SN-827-Notes.pdf