Tweak the registry to make sure you're protected against the PrintNightmare Windows vulnerability
The accidental revelation of the PrintNightmare security vulnerability in Windows set off a chain of workarounds, third-party patches, official patches and problems with patches. But even after two weeks of back and forth, there are still steps you need to take to ensure that you're fully protected.
Microsoft recently updated its security advisory notice about the vulnerability to include additional details that system administrators should check. A quick visit to the registry is all it takes to ensure complete security.
After initially offering only a workaround, Microsoft eventually pushed out an emergency patch for the security issue. But now the company has issued further advice that users need to follow in order to keep things locked down.
In most instances no action will be needed, but for some configurations, it is necessary to make a registry edit even after installing the patch, as Microsoft explains.
The updated entry in the Microsoft Security Response Center reads:
In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (Note: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy settings are correct (see FAQ):
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
  - NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
  - UpdatePromptSettings = 0 (DWORD) or not defined (default setting)
The company adds (emboldening is Microsoft's):
Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.
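To check a machine against the two values quoted above, the following read-only PowerShell audit can be used. It is an added example, not code from Microsoft or from the original article; the function name Test-PointAndPrintValue is hypothetical, and it does not cover the separate Group Policy check the advisory mentions.

```powershell
# Added example: audit the Point and Print values named in Microsoft's advisory.
# Read-only; it makes no changes to the registry.
$KeyPath    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$ValueNames = 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings'

# Hypothetical helper: classifies one value as NotDefined, Zero or NonZero.
function Test-PointAndPrintValue {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name
    )
    $result = [pscustomobject]@{
        Name   = $Name
        Data   = $null
        State  = 'NotDefined'
        Secure = $true
    }

    # The key does not exist by default, which is already the secure setting.
    if (-not (Test-Path -LiteralPath $Path)) { return $result }

    # The key can exist (for other policy values) without this value being set.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $result }

    $result.Data = $item.$Name
    if ($result.Data -eq 0) {
        $result.State = 'Zero'
    } else {
        # Any non-zero data fails the advisory's "0 or not defined" condition.
        $result.State  = 'NonZero'
        $result.Secure = $false
    }
    return $result
}

$findings = foreach ($name in $ValueNames) {
    Test-PointAndPrintValue -Path $KeyPath -Name $name
}
$findings | Format-Table -AutoSize

if ($findings | Where-Object { -not $_.Secure }) {
    Write-Warning 'At least one Point and Print value is non-zero; set it to 0 or remove it.'
} else {
    Write-Output 'Both values are 0 or not defined.'
}
```

If a value set by Group Policy is changed by hand, the next policy refresh will rewrite it, so a non-zero finding on a domain-joined machine should be corrected in the policy itself.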