New Windows PrintNightmare zero-days get free unofficial patch

My friends at GYTPOL have had this covered for a while by auditing and setting GPOs. Read this article then take a look here…:

[…] Mitigations for the zero-day PrintNightmare vulnerabilities are already available through the ‘PackagePointAndPrintServerList‘ group policy, which allows you to specify a white list of approved print servers that can be used to install a print driver.

Enabling this policy, along with a fake server name, will effectively block Delpy’s exploits as the print server will be blocked.

However, for those who want to install a patch and not try to understand advisories and fiddle with group policies, Mitja Kolsek, co-founder of the 0patch micropatching service, has released a free micropatch that can be used to fix all known PrintNightmare vulnerabilities.

“We therefore decided to implement the group policy-based workaround as a micropatch, blocking Point and Print printer driver installation from untrusted servers. This workaround employs Group Policy settings: the “Only use Package Point and Print” first requires every printer driver is in form of a signed package, while the “Package Point and print – Approved servers” limits the set of servers from which printer driver packages are allowed to be installed.” Kolsek explains in a blog post.


Original Article