A serious security hole that is actively being exploited puts your Windows machines at risk.

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Security Response Center

It’s serious because it’s a remote code execution exploit, which allows an attacker to execute code on your machine with elevated privileges. In other words, someone could theoretically take over your machine over the network.

Workaround using the Group Policy editor

  1. Hit the Windows key + R to open the “Run” dialog
  2. Type “gpedit.msc” and hit enter, which should open the “Local Group Policy Editor”
  3. Go to Computer Configuration > Administrative Templates > Printers
  4. Double-click on “Allow Print Spooler to accept client connections”
  5. Set it to “Disabled”
  6. Click Apply
  7. Click OK
  8. Reboot your computer

You should now be protected. That’s all there is to this Windows CVE-2021-34527 workaround.

Note that with this workaround, if you’re using that Windows machine as a print server (“printer sharing”), it will stop working as a print server. Once Microsoft releases a security fix, you can revert this process by setting the policy back to “Not configured”, or leave it “Disabled” if you don’t need printer sharing.
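The same policy can be checked and set from an elevated PowerShell prompt, which helps on machines without gpedit.msc or when you need to verify many hosts. This is an added example, not part of the original post or Microsoft's advisory. It assumes the policy is stored as the registry value `RegisterSpoolerRemoteRpcEndPoint` (1 = Enabled, 2 = Disabled), and the function names are made up for illustration.

```powershell
# Added example. Run as Administrator.
# Assumption: "Allow Print Spooler to accept client connections" is backed by this
# DWORD under the Printers policy key: 1 = Enabled, 2 = Disabled, absent = Not configured.
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerClientConnectionState {
    # Read the policy value; a missing key or value means "Not configured".
    $value = $null
    $item  = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($item) { $value = $item.$PolicyName }

    if     ($null -eq $value) { $policy = 'Not configured' }
    elseif ($value -eq 2)     { $policy = 'Disabled' }
    elseif ($value -eq 1)     { $policy = 'Enabled' }
    else                      { $policy = "Unexpected value: $value" }

    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        Policy            = $policy
        SpoolerStatus     = if ($svc) { $svc.Status } else { 'Not installed' }
        WorkaroundApplied = ($policy -eq 'Disabled')
    }
}

function Disable-SpoolerClientConnections {
    # Equivalent of steps 3-7: set the policy to "Disabled".
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $PolicyName -PropertyType DWord -Value 2 -Force | Out-Null
}

function Reset-SpoolerClientConnections {
    # Revert to "Not configured" once the security fix is installed.
    Remove-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
}

Get-SpoolerClientConnectionState      # audit the current state
# Disable-SpoolerClientConnections    # uncomment to apply, then reboot (step 8)
# Reset-SpoolerClientConnections      # uncomment to revert after patching
```

A value written this way does not show up in gpedit.msc, and a domain Group Policy that configures the same setting will override it.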

Alternative title: “How to thwart hackers in 8 easy steps!” :D

Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527