Regarding Windows Print Spooler Remote Code Execution Vulnerability fix SCCM

Question

Hi experts ,

Anyone applied fix from MECM baseline or proactive remediation ?

Option 2 – Disable inbound remote printing through Group Policy

You can also configure the settings via Group Policy as follows:

Computer Configuration / Administrative Templates / Printers

Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks.

You must restart the Print Spooler service for the group policy to take effect.

Impact of workaround This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.

– Registry changes :

“HKLM:SoftwarePoliciesMicrosoftWindows NTPrinters”
“RegisterSpoolerRemoteRpcEndPoint” – Value 2

How we can restart the Print Spooler service with baseline only when GPO is applied ?

Thanks ,
Ketan Kamble

Answers ( 2 )

    0
    2021-07-04T22:34:27+05:30

    This is option 1 , we are going with option 2.

    Best answer
    0
    2021-07-04T20:06:53+05:30

    There is an option to use CMPivot to find out the problematic devices. Once you have the list, use a PowerShell script to disable the print spooler on Windows 10 device.

    https://www.verboon.info/2021/07/use-microsoft-endpoint-configuration-manager-to-stop-the-windows-print-spooler-service/

Leave an answer

Sorry, you do not have permission to answer to this question .