On July 6th, Windows released a critical security patch for the known printer spooling exploit that security researchers call PrintNightmare. When exploited on a vulnerable system, “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” This exploit applies to all versions of Windows, and everyone is encouraged to update as soon as possible.
If you have automatic updates enabled, you’ll automatically receive a fix for this vulnerability, but keep reading.
Microsoft also recommends restricting the installation of new printer drivers. This action requires a review and potentially an update to the Point and Print Restrictions Group Policy configurations. You can learn how to do this using this link to Microsoft’s support guide.
Update: Before we had a chance to publish this post, Microsoft announced an additional vulnerability to the Print Spooler service. This new vulnerability is considered an elevation of privilege vulnerability, a user granting themselves greater system access and potentially causing harm. An update isn’t available for this vulnerability yet, and Microsoft recommends stopping and disabling the Print Spooler service as a workaround. (Disclosure: This removes the risk and the ability to use your printer!) We’ll keep you posted.