PrintNightmare: How to Protect your IT Environment!

PrintNightmare, the Microsoft security vulnerability in the Windows spooler is causing headaches for many IT departments.

PrintNightmare

The recommendations to quickly secure the PrintNightmare security hole were quite questionable because the advised disabling of the Windows spooler results in printing no longer being possible at all. Installation of printer drivers via users’ local administration rights can easily lead to new security loopholes. In addition, in the last few weeks, new security holes kept appearing, or the patches caused problems with certain printers. It’s therefore worthwhile to find an approach that allows printers to be administered, but at the same time protects user desktops from future spooler security vulnerabilities.

Secure Printing Despite PrintNightmare with the ThinPrint Engine

With the ThinPrint Engine, organizations can continue to make all their printers available to users without having to grant local administration rights or remote access to the printing system.

This is because the ThinPrint Engine deploys printers to users based on Active Directory security groups, IP subnets, and computer names. And without having to copy or install drivers on the physical workstation, VDI session, terminal session, or application server. By taking this approach, admins can provide users with the printers they need without introducing security risks to the environment. Using our V-Layer technology, the ThinPrint Engine leverages the properties of the native drivers on the print server and maps a virtual image of that printer to the user session. This means that users can continue to take advantage of the finishing options required by the driver without having to install the driver in the user session. Since the engine installs the ThinPrint Output Gateway (TPOG) onto the user session where the printers are mapped, no administrative rights are required to install drivers or use a service account to install drivers onto the user session. This provides IT admins with a simple yet efficient way to enable their users to print without compromising the security of their environment.

For more information on the PrintNightmare vulnerability, please see our blog post: CVE-2021-34527 Windows Print Spooler Vulnerability – How to Ensure Uninterrupted Printing Despite PrintNightmare.

Brock McKenna
Brock McKenna
Senior Solutions Specialist, ThinPrint Inc.