Some things just cannot remain in the background permanently. Take, for instance, the Print Spooler service – an essential service that handles print jobs and interactions with the printer. Sounds harmless, right? Well, think again.
The Print Spooler service has become a cause of frustration for Microsoft lately, which, by extension, has become our problem too. In the span of five weeks, Microsoft has discovered three vulnerabilities with this service, one after another, that can be exploited by hackers and attackers easily. And there are no updates to fix the latest of the three vulnerabilities either.
But there’s a simple workaround to ensure that the exploit is plugged, for now, so that your system’s security is not compromised. Here is everything you need to know about the Print Spooler vulnerability and how to temporarily disable it until an update is issued to patch it.
Related: How to join a FaceTime call on Windows
Why Microsoft wants you to temporarily disable Print Spooler on Windows 10
This is not the first time that there’s an issue discovered with the Print Spool service. After the original vulnerability (dubbed CVE-2021-1675) was patched in June, another similar flaw emerged, dubbed CVE-2021-34527, or the PrintNightmare.
Now, mere days later, another issue that is being addressed as CVE-2021-34481 has been identified. Microsoft is clearly frustrated with these ever-emergent vulnerabilities and, in the absence of a patch just yet, has called for customers to disable it themselves.
This is very important!
If you have the "Print Spooler" service enabled (which is the default), any remote authenticated user can execute code as SYSTEM on the domain controller.
Stop and Disable the service on any DC now! https://t.co/hl0NItsrBF pic.twitter.com/s4yE2VVl5I
— Will Dormann (@wdormann) June 30, 2021
According to Microsoft – “An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Granted that an attacker has to have physical access in order to execute code on a system to exploit this vulnerability, but it is still a scary prospect to have. As the patch for the latest vulnerability is not available as of yet, the only workaround is to manually disable the Print Spooler service.
Related: Will Windows 10 get native Android apps support?
How to turn off Print Spooler on Windows 10 [4 Ways]
Here are a few ways you can disable the Print Spooler service on Windows 10.
Method #01: Using PowerShell
Press Start, type Powershell, and click on Run as administrator.
Now, type in the following command and press Enter:
Stop-Service -Name Spooler -Force
This will stop the Print spooler service immediately. Now, type in the following command to prevent it from starting again automatically:
Set-Service -Name Spooler -StartupType Disabled
Method #02: Using Services
If you’re uncomfortable using PowerShell commands to get things done, a simpler way is to disable the service from the ‘Services’ window. Here’s how to do so:
Press Win + R
to open the RUN box. Then type services.msc and press Enter.
Now, scroll down the list of services and find Print Spooler, then double-click on it.
This will open up the Print Spooler properties. Click on Stop to keep it from running.
Method #03: Using Group Policy Editor
Press Win + R
to open the RUN box. Then type gpedit.msc and hit Enter.
Then navigate to Computer Configuration > Administrative Templated > Printers on the left.
On the right, double-click on Allow Print Spooler to accept client connections.
Click on Disabled and then click ‘OK’.
The Print Spooler service will not stop, preventing you from potentially being hacked.
Note: This option is not available for Windows 10 Home users. Since Group Policy Editor is only a Windows 10 Professional feature, Home users will have to use any of the other options to stop the Print Spooler service.
Method #04: Using System Configuration
Yet another way of turning off the Print Spooler service is to do so from System Configuration. Here’s how:
Press Win + R
to open the RUN box. Then type msconfig and hit Enter.
Click on the Services tab at the top.
Here, find Print Spooler and uncheck the box before it. Then click ‘OK’.
How to turn on Print Spooler on Windows 10 [4 Ways]
As things stand right now, disabling the Print Spooler is important to prevent your system from being exploited by hackers. But if you need to use the printer temporarily or turn the service back on after Microsoft has fixed this issue, follow the steps below to re-enable it.
Method #01: Using PowerShell
Press Start, type Powershell, and click on Run as administrator.
Now, type in the following command and press Enter:
Set-Service -Name Spooler -StartupType Automatic
Now, type in the following command and press Enter:
Start-Service -Name Spooler
You’ve successfully re-enabled the Print Spooler service and can start interacting with your printer again.
Method #02: Using Services
To re-enable Print Spooler service via the ‘Services’ window, follow the steps below:
Press Win + R
to open the RUN box. Then type services.msc and press Enter.
Now, scroll down the list of services and find Print Spooler, then double-click on it.
This will open up the Print Spooler properties. Click on Start, then click ‘OK’.
Method #03: Using Group Policy Editor
Press Win + R
to open the RUN box. Then type gpedit.msc and hit Enter.
Then navigate to Computer Configuration > Administrative Templated > Printers.
On the right, double-click on Allow Print Spooler to accept client connections.
Click on Not Configured. Then click ‘OK’.
Method #04: Using System Configuration
Yet another way of re-enabling the Print Spooler service is to do so from System Configuration. Here’s how:
Press Win + R
to open the RUN box. Then type msconfig and hit Enter.
Click on the Services tab at the top.
Here, find Print Spooler and click on the box before it to place a check there. Then click on ‘OK’.
FAQs
The recent Print Spooler vulnerabilities have raised a lot of questions about Microsoft’s ability to fix issues with its services. Here are all the little details about this recurring Print Spooler vulnerability that you should know.
Is this the same vulnerability as PrintNightmare?
This vulnerability comes days after the infamous vulnerability publically known as PrintNightmare was discovered. The current vulnerability (CVE-2021-34481) is similar to the previous ones in that it exists in the Print Spooler service, though its security impact is a local elevation of privilege. But yes, it is basically the same vulnerability in a different guise.
When did the Print Spooler vulnerability get introduced?
It was thought that the July 2021 update inadvertently brought about the latest Print Spooler vulnerability. But as Microsoft puts it, “the vulnerability existed before the July 13, 2021 security update.” Currently, we don’t have any other option but to take their word for it and hope that their recommended workaround keeps one’s system protected.
When will Microsoft release an update to tackle this vulnerability?
As of yet, there’s no word on when a security update for this vulnerability will be released. Microsoft is still testing the security updates to ensure that it doesn’t lead to more problems. One can expect the fix to come as a part of the monthly cumulative updates.
RELATED
Discussion