You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.

06: How to Mitigate Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527)

  1. Install the July Out-of-band and later updates from Microsoft.
  2. Configure the Point and Print Restrictions Group Policy setting, as follows:

    Computer Configuration > Administrative Templates > Printers

    1. Set the Point and Print Restrictions Group Policy setting to “Enabled”
    2. Set “When installing drivers for a new connection”: “Show warning and elevation prompt”
    3. Set “When updating drivers for an existing connection”: “Show warning and elevation prompt”.
  3. (Optional): Override all Point and Print Restrictions Group Policy settings and ensure that only administrators can install printer drivers by changing the registry settings on all hosts as follows:

    Registry location: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint

    DWord name: RestrictDriverInstallationToAdministrators

    Value data: 1

Validate Registry and/or Group Policy settings from options 1, and 2 above are properly deployed.

More information can be found at the links below:

  • 1144
  • 17-Jul-2021