July 14, 2021

Fixing the PrintNightmare for Windows

On June 30, a Windows vulnerability was disclosed: the Windows Print Spooler Remote Code Execution Vulnerability, tracked as CVE-2021-34527 and referred to as “PrintNightmare”. Several possible workarounds have since become known; they are discussed below with regard to their compatibility with Tricerat printing products.

Updates from Microsoft

On July 6, 2021, Microsoft released emergency patches to address the vulnerability. Preliminary testing at Tricerat shows that ScrewDrivers® is compatible with this Microsoft update, which can safely be applied to desktops and servers. It is strongly advised to test this update with ScrewDrivers in your environment to confirm functionality prior to large-scale rollout.

Denying Access to Spool Folder

The Truesec blog reported a workaround for the vulnerability that creates an explicit deny permission for SYSTEM on the spool folder. On its own, this will break Tricerat ScrewDrivers printing if applied on VDI, terminal servers, or print servers. To use this permission setting with Tricerat, modify the permissions on the following files specifically so that SYSTEM has full control.

v7:

C:\Windows\System32\spool\drivers\x64\3\ScrewDriversDrv.dll
C:\Windows\System32\spool\drivers\x64\3\ScrewDriversUI.dll

v6:

C:\Windows\System32\spool\drivers\x64\3\sd6drv.dll
C:\Windows\System32\spool\drivers\x64\3\sd6ui.dll
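
One way to apply this permission change, as an added PowerShell example (not Tricerat's or Microsoft's own script). It assumes an elevated session and that the deny for SYSTEM was set on the folder and reaches these files through inheritance, so an explicit allow on each file takes precedence; files that are not installed are skipped.

```powershell
#Requires -RunAsAdministrator
# Added example: grant SYSTEM an explicit Allow/FullControl on the ScrewDrivers
# driver files listed above, then report the SYSTEM entries on each file.
# Assumption: the workaround's Deny ACE for SYSTEM is inherited from the folder.

$driverDir = 'C:\Windows\System32\spool\drivers\x64\3'
$driverFiles = @(
    'ScrewDriversDrv.dll', 'ScrewDriversUI.dll',   # v7
    'sd6drv.dll', 'sd6ui.dll'                      # v6
)

# Well-known SID of NT AUTHORITY\SYSTEM; avoids localized account names.
$systemSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'
$allowRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $systemSid,
    [System.Security.AccessControl.FileSystemRights]::FullControl,
    [System.Security.AccessControl.AccessControlType]::Allow)

foreach ($name in $driverFiles) {
    $path = Join-Path $driverDir $name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Host "Skipping (not installed): $path"
        continue
    }

    # Add the explicit Allow ACE; existing ACEs, inherited ones included, are kept.
    $acl = Get-Acl -LiteralPath $path
    $acl.AddAccessRule($allowRule)
    Set-Acl -LiteralPath $path -AclObject $acl

    # Re-read the ACL and list every SYSTEM entry, explicit and inherited.
    # Expected: one explicit Allow (IsInherited = False) next to the inherited Deny.
    (Get-Acl -LiteralPath $path).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $systemSid.Value } |
        Select-Object @{ Name = 'File'; Expression = { $name } },
                      AccessControlType, FileSystemRights, IsInherited |
        Format-Table -AutoSize
}
```

If the deny entry was set explicitly on the files themselves rather than inherited, the added allow does not override it and the deny entry on each file has to be removed instead.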

Disabling the Print Spooler

The initial recommendation from Microsoft was to turn off the print spooler service. Be advised that if the print spooler is turned off on the session desktop, print server, or remote desktop client, printing will not work. This applies to Tricerat ScrewDrivers and any other type of printing.
