Disable Windows print spooler or you could be hacked, says Microsoft

Geralt

Posts: 552   +764
I have one quick question (I can't seem to get a straight answer anywhere I've asked), I do not have a printer connected to my computer (directly or by wifi) & have NO need to print anything. Should I still be worried?
Print spooler service is there anyway. You have to disable it.
 

rocky01

Posts: 10   +5
But if I never access it how can anybody get in? Is there a QUICK WAY to disable it? All the info says to open this & then do this & then do this, blah, blah, blah.
Type 'services" in win10 searchbox, open it and then scroll down to 'print spooler' service, right click on properties and select 'disabled'. Boom, you're good to go
 

Neatfeatguy

Posts: 431   +694
Tray selection, printer identification and all of that is 1,000% printer manufacturer issues. Shitty drivers they just couldn't care less about fixing. I once worked for one of the major corporate printer manufacturers. I know how bad they are. It's Creative levels of customer neglect. Instead of cleaning up their sh t, they start doing all sorts of half measure workarounds. It's always been like that and unfortunately always will be like that. I mean, one of the easiest jokes to make for that classic 90's workplace comedy Office Space was, yes, printers not doing things the way normal people expects them to work. It's still like that.
Yep, sure was nice that everything worked correctly until the MS update came out.

Glad to see it wasn't MS that screwed up. Thanks for the clarification!
 

rocky01

Posts: 10   +5
Thank you! Although the only option was stop, I just clicked that! ;)
Hm. Once you right click 'print spooler' you should see a 'properties' menu that you click on. There you will see a drop down list, 'startup type' and then finally select the 'disabled' option.
 

rocky01

Posts: 10   +5
This artcle proposes solutions:

https://www.bleepingcomputer.com/ne...ero-day-exploitable-via-remote-print-servers/

Have not tried them yet. Needless to say folks, if you have any 'free' full version software or games most likely this is where exploits begin. Don't do that. Fresh install and stop inviting them in. Sometimes there is no clue since clever ones lie in wait. Yes, even Norton and Malwarebytes can be unaware. Or it's blatant cause programs close down, etc.
 
Hm. Once you right click 'print spooler' you should see a 'properties' menu that you click on. There you will see a drop down list, 'startup type' and then finally select the 'disabled' option.
Thanks again. I didn't see that the first time, I have disabled it. :)
 

Theinsanegamer

Posts: 2,633   +4,092
If we could just get decent gaming support on Linux I'd never have to touch Windows ever again. Now that would be glorious.
Valve's proton has done wonders for the linux gaming scene, combined with the latest MESA drivers nearly every game I own on steam works in linux with the exception of multiplayer titles. But screw multiplayer on PC anyway, if you cant host your own server I aint interested.
 

Geralt

Posts: 552   +764
But if I never access it how can anybody get in? Is there a QUICK WAY to disable it? All the info says to open this & then do this & then do this, blah, blah, blah.
Because it is automatically enabled by default. The process of disabling it is very simple.
 

hk2000

Posts: 165   +84
Everybody’s furious and complaining about MS, which is fine, but you all are letting slide the fact that this writer didn’t bother to do the necessary research into this. For instance, what are the consequences of disabling the service, what if you have a firewall? What about the anti virus? What actions from the user could trigger this attack? Is it enough that your PC is always connected, and is always on? Lots of questions are left unanswered!
 

hwertz

Posts: 62   +25
Root problem is the printing subsystem runs in kernel space. NT 4 had as much as possible user-space, even the video drivers. Video drivers went for a while full kernel-space, then ended up with a split model (which Linux also does -- full user-space is secure but too slow, full kernel-space is insecure.) But when they did this, the printer stuff went full kernel space and never came back out.
 

trparky

Posts: 942   +990
what if you have a firewall?
Exactly. If you have a firewall and you've properly configured it, you should be safe. You shouldn't be opening these kinds of ports to the public Internet to begin with so unless you have a configuration that's monumentally stupid, you really shouldn't have any issues. This is really a big old nothingburger.
 

Todd Sauve

Posts: 39   +50
Tray selection, printer identification and all of that is 1,000% printer manufacturer issues. Shitty drivers they just couldn't care less about fixing. I once worked for one of the major corporate printer manufacturers. I know how bad they are. It's Creative levels of customer neglect. Instead of cleaning up their sh t, they start doing all sorts of half measure workarounds. It's always been like that and unfortunately always will be like that. I mean, one of the easiest jokes to make for that classic 90's workplace comedy Office Space was, yes, printers not doing things the way normal people expects them to work. It's still like that.
I have a Canon LiDE 35 scanner that they refused to put out a 64bit driver for, even though it was only a year or two old when everything went over to 64bit Windows. So some inventive soul decided to try the next more expensive Canon scanner's 64bit driver for the LiDE 60. Worked like a charm. That is the story of Canon and the big time corporate world. Rip off your customers if at all possible. Here is the website with the fix if anyone needs it, and it works fine with Windows 10, too. : https://www.sevenforums.com/drivers/61060-canoscan-lide-35-windows-7-64bit-driver.html 🙄🙄🙄
 
Last edited:

ZedRM

Posts: 602   +373
Rather than disabling the Print Spooler, disable file and printer sharing in the network profiles. It just as effective and a user doesn't loose the print spooler functionality.