IT Solutions Technology Blog

   Microsoft Security Response Center (MSRC)  – Windows Print Spooler Elevation of Privilege Vulnerability

Option 1:
Stop and disable the Print Spooler service on the host
Note that stopping the service alone will not prevent it from restarting at reboot – the service must be disabled.
OR
Option 2:
Configure the Point and Print Restrictions Group Policy setting, as follows:
Computer Configuration > Administrative Templates > Printers
a) Set the Point and Print Restrictions Group Policy setting to “Enabled”
b) Set “When installing drivers for a new connection”: “Show warning and elevation prompt”
c) Set “When updating drivers for an existing connection”: “Show warning and elevation prompt”.
OR
Option 3:
Override all Point and Print Restrictions Group Policy settings and ensure that only administrators can install printer drivers changing registry settings on all hosts as follows:
Registry location – HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
DWord name – RestrictDriverInstallationToAdministrators
Value data – 1