Skip to Main Content
Lifehacker Logo
Home Tech Security

What to Do Now That Those 'PrintNightmare' Windows Patches Didn't Work [Updated]

The vulnerability is still active on several versions of Windows, but turning off certain system settings may keep you safe.
What to Do Now That Those 'PrintNightmare' Windows Patches Didn't Work [Updated]
Credit: Diego Cervo -  (Shutterstock)

Microsoft recently released emergency patches to fix a major zero-day security flaw in Windows’ Print Spooler code dubbed “PrintNightmare,” but they didn’t fix the problem. Security researchers discovered the vulnerability is still present on several versions of Windows even after the patch (via TechRadar), leaving users vulnerable to serious cybersecurity threats.

By exploiting the PrintNightmare bug, hackers could gain control of a PC and install malware, ransomware, steal or destroy important data, and more, without requiring physical access to the computer. Y’know, real black hat stuff.

Some security experts doubt the company properly tested the patch at all before pushing it live. Either way, it’s a bad look for Microsoft and only makes the PrintNightmare debacle into more of a nightmare—one that puts millions of Windows devices at risk.

What is PrintNightmare?

PrintNightmare affects the Windows Print Spooler in all versions of Windows, including the versions installed on personal computers, enterprise networks, Windows Servers, and domain controllers. Worse, hackers are actively exploiting PrintSpooler due to a fumbled proof-of-concept (PoC) attack.

Security researchers at Sangfor discovered the PrintNightmare exploit along with several other zero-day flaws in the Windows Print Spooler services. The group created PoC exploits as part of an upcoming presentation on the flaws. The researchers believed the vulnerabilities were already patched and published them on Github.

Microsoft had, in fact, patched some of the zero-day Print Spooler vulnerabilities in a previous security update, but PrintNightmare was unpatched. While Sangfor’s original PringNightmare PoC is no longer on Github, the project was replicated before it could be taken down, and there’s evidence the PoC exploit has been used.

Microsoft released emergency security patches for all affected versions of Windows, including:

  • Windows 10

  • Windows 8.1

  • Windows 7

  • Windows RT 8.1

  • Numerous versions of Windows Server

Unfortunately, as we now know, the patches didn’t do squat. Luckily, the Windows Print Spooler service can be temporarily disabled to prevent a PrintNightmare attack.

Disable the Window Print Spooler service right away

Network administrators can disable (and restore) Windows Print Spooler and remote printing with a group policy, but general users will need to turn it off using Powershell commands, which will safeguard your PC against any PrintNightmare threats:

  1. Use the taskbar or Windows start menu to search for “Powershell.”

  2. Right-click Powershell and select “Run as administrator.”

  3. In the Powershell prompt, run the following command to disable Windows Print Spooler: Stop-Service -Name Spooler -Force

  4. Then run this command to prevent Windows from re-enabling Print Spooler services at startup: Set-Service -Name Spooler -StartupType Disabled

  5. Keep your Windows Print Spooler services disabled until Microsoft’s patch is available and installed on your PC sometime in the near future. Once it’s safely patched, you can re-enable Print Spooler services in Powershell using the Set-Service -Name Spooler -StartupType Automatic and Start-Service -Name Spooler commands.

Note that this is not a long-term preventative measure since the vulnerability is still present even with the Print Spooler services disabled. However, it’s the only option for now. We recommend keeping Print Spooler disabled even if Microsoft releases subsequent security updates, just to be safe. You can re-enable Print Spooler once it’s confirmed the vulnerability is fully patched.

We’ll update this post once again if and when another patch is released. For most Windows 10 users, further security updates will show up automatically, but you can also manually check for new patches in Settings > Update & Security > Windows Update > Check for Updates. Users on older versions of Windows, such as Windows 7, need to download and install the patch manually from Microsoft’s security update guide.

This article was originally published on July 2, 2021 and was updated on July 7, 2021 with instructions on installing the emergency Windows security patches, and again on July 8, 2021 with reports that the patches do not work.

[The Verge]