We recommend that you immediately install the latest Windows updates released on or after Jon all supported Windows client and server operating systems, starting with devices that currently host the print spooler service.
Optionally, to override all Point and Print Restrictions Group policy settings and ensure that only administrators can install printer drivers on a print server, configure the RestrictDriverInstallationToAdministrators registry value to 1. Starting with the July 2021 Out-of-band update, administrator credentials will be required to install signed and unsigned printer drivers on a printer server. Note Before installing the July 2021 Out-of-band and later Windows updates containing protections for CVE-2021-34527, the printer operators' security group could install both signed and unsigned printer drivers on a printer server. By default, only administrators can install both signed and unsigned printer drivers to a print server. After installing the July 2021 and later updates, non-administrators, including delegated admin groups like printer operators, cannot install signed and unsigned printer drivers to a print server. Security updates released on and after Jcontain protections for a remote code execution vulnerability in the Windows Print Spooler service ( spoolsv.exe) known as “PrintNightmare”, documented in CVE-2021-34527. KB5005010: Restricting installation of new printer drivers after applying the Jupdates Summary
0 kommentar(er)
