Disable Windows print spooler or you could be hacked, says Microsoft

Joe White

Posts: 69   +0
Staff
Facepalm: Microsoft is once again advising its customers to disable Windows print spooler, after a new vulnerability that allows hackers to execute malicious code on machines has emerged. While a patch fixing the flaw will be released in due course, the most effective workaround currently on the table is to stop and disable the print spooler service entirely.

This is the third print spooler vulnerability to emerge in just five weeks. While a critical flaw was originally identified and patched in June, a similar flaw – dubbed PrintNightmare – came to light shortly after and was subsequently patched (with mixed success).

The emergence of this new vulnerability is frustrating news for Microsoft and its users.

Microsoft has warned customers of the new print spooler vulnerability online, writing: "An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

The bottom line in terms of making your computer safe is to stop and disable the print spooler service outright, if it's running – Microsoft spells out how you can do so online. While there'll be a patch for this vulnerability released in due course, no timeline is currently available.

Permalink to story.

 

Neatfeatguy

Posts: 352   +537
MS last patch broke printing over networks and how some third party software interacts with printing. It has caused nothing but headaches at my work the past week+.

But I digress, I hope they can keep "improving" the UI and layout of Windows and ignore security and functionality like they have been. It makes using Windows much more enjoyable.
 

Fearghast

Posts: 376   +285
Did Microsoft break it or did those particular 3rd parties do things they weren't supposed to do? It is often the case of the latter when "Microsoft breaks" things, when they tighten things up they see 3rd parties are circumventing with quick and dirty code. :)
Microsoft was able to destroy DirectSound in one of the latest updates ... go figure, they do no test anything they release.
 

duckofdeath

Posts: 422   +560
I'm not saying they're almighty flawless, I'm just saying, often when third party manufacturers complain about Microsoft braking things, it was just tidied up to fix issues those third parties are causing. Printer manufacturers are particularly guilty at doing this.
 

FF222

Posts: 265   +208
Fun fact: If you actually disable the Print Spooler service on a Windows Server installation, the monthly update packages fail to install and roll back at reboot. This holds true for both the June and July packages.
 
I clicked the "spells out" link and is typical MS fix... it doesn't work... says it can't change the print spooler status.

Can I just go to "Services" and Stop the Print Spooler? I've done this with other services and done it now.. but will it fix this hacker problem? I know I'll have to restart it if I want to print (MS didn't say how to restart it, but I assume rebooting would do it).
 
Fun fact: If you actually disable the Print Spooler service on a Windows Server installation, the monthly update packages fail to install and roll back at reboot. This holds true for both the June and July packages.
I disabled some stuff on my old Dell D630 and it fails updates for the past 3-4 months (haven't dug into which one), so I've been Restoring it to pre-update dates. Now this one's having trouble with updates the last month or so - only difference is this one's 64-bit.
 

Neatfeatguy

Posts: 352   +537
Did Microsoft break it or did those particular 3rd parties do things they weren't supposed to do? It is often the case of the latter when "Microsoft breaks" things, when they tighten things up they see 3rd parties are circumventing with quick and dirty code. :)
When you can't print to two different printers or the print spooler forces the software to print to incorrect printers or incorrect tray....Or you can't simply print to a printer on the network.....

MS broke things trying to fix something. Which, I suppose, is on par with how they normally operate.
 

rocky01

Posts: 10   +5
I'm not a Microsoft hater (I've used Windows since 1.0) but, seriously - Linux Mint.
Preach. It's almost like we're being mocked. Rinse and repeat Yes, I've looked at Mint and Monterey and toyed with VM and USB mounted. Hardly a gamer but want the option without having to master commands or search for them online, yadda yadda. Good grief. My Unbuntu experiement lasted a solid two weeks a year or two ago. Ay yi yi. But never say never.
 

Vanderlinde

Posts: 33   +17
I clicked the "spells out" link and is typical MS fix... it doesn't work... says it can't change the print spooler status.

Can I just go to "Services" and Stop the Print Spooler? I've done this with other services and done it now.. but will it fix this hacker problem? I know I'll have to restart it if I want to print (MS didn't say how to restart it, but I assume rebooting would do it).

I had the same error going on, something about a service that coud'nt be stopped. So I typed "Services" in start menu > Scrolled to print spooler, hit properties > "Stop" and Startup type = Disabled.

That should pretty much do it, because if you head to powershell again:

Status Name DisplayName
------ ---- -----------
Stopped Spooler Print Spooler

It'll notice as "Stopped" and not "Running".

This is so stupid.
Would making sure that your system is properly firewalled off be sufficient in maintain safety?

Yes, well at least for a exploit to work certain commands have to be firewalled (blocked).

I mean hooking up your computer directly to the internet with no router (and just onto the modem) which is usually the case using a 3G/4G stick or so could lead into being exploited. If anyone remembers the "Blaster worm" that was able to hijack fully updated windows XP machines etc. But litterally impossible these days if a unpatched computer is behind a proper router or firewall.
 

duckofdeath

Posts: 422   +560
When you can't print to two different printers or the print spooler forces the software to print to incorrect printers or incorrect tray....Or you can't simply print to a printer on the network.....

MS broke things trying to fix something. Which, I suppose, is on par with how they normally operate.
Tray selection, printer identification and all of that is 1,000% printer manufacturer issues. Shitty drivers they just couldn't care less about fixing. I once worked for one of the major corporate printer manufacturers. I know how bad they are. It's Creative levels of customer neglect. Instead of cleaning up their sh t, they start doing all sorts of half measure workarounds. It's always been like that and unfortunately always will be like that. I mean, one of the easiest jokes to make for that classic 90's workplace comedy Office Space was, yes, printers not doing things the way normal people expects them to work. It's still like that.
 
I have one quick question (I can't seem to get a straight answer anywhere I've asked), I do not have a printer connected to my computer (directly or by wifi) & have NO need to print anything. Should I still be worried?