It’s been a while, and boy was it a Spring/Summer to remember regarding Microsoft vulnerabilities. PrintNightmare (CVE-2021-34527) scared me enough to want to ensure I went “blue team” enough to prevent any infection. So, I crafted a somewhat crude, but effective, script to detect and remediate on the machines I had influence over. You can find the script in my GitHub repo.
A couple of things to point out:
You’ll notice right at the top that my intention was to disable the print spooler service altogether where I could get away with it:
Of course, on user machines that’s a little more difficult, and hence the trouble to detect and remediate those machines. The most foolproof way to detect whether the appropriate patch has been installed is to search for it:
You might be tempted to use the Get-Hotfix PowerShell command to detect the presence of the installed update. Sometimes that works, but not always, according to this post.
The rest of the script is pretty much taken from the recommendations in the Microsoft Security Update Guide for this vulnerability. Please have a look and feel free to drop a comment regarding any similar solutions you might have come up with. And feel free to download, mod, and even open a PR if you like.
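For reference, here is an added PowerShell example that is not the script from my repo: it pulls the pieces above together by checking for the update by KB number two ways, checking the Point and Print registry values the Security Update Guide calls out, and applying the guide's workarounds where needed. The KB number, the -DisableSpooler switch and the function names are placeholders and assumptions of this example.

```powershell
# Added example (not the author's script): check a machine for the
# CVE-2021-34527 update and for the Point and Print registry values that
# Microsoft's Security Update Guide says override the fix, then apply the
# guide's workarounds where needed. $KbId is a placeholder: use the KB
# number listed for your OS build in the Security Update Guide.
param(
    [string]$KbId = 'KB0000000',   # placeholder, not a real KB number
    [switch]$DisableSpooler        # for hosts that never need to print
)
function Test-PatchInstalled {
    param([string]$Kb)
    # Get-HotFix can miss cumulative updates, so also consult the DISM
    # package list, where the KB number appears inside PackageName.
    $hotfix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
    $pkg = Get-WindowsPackage -Online -ErrorAction SilentlyContinue |
           Where-Object { $_.PackageName -like "*$Kb*" }
    return [bool]($hotfix -or $pkg)
}
function Test-PointAndPrintWeakened {
    # Per the guide these must be 0 or absent; 1 makes the host vulnerable by design.
    $pp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $v = Get-ItemProperty -Path $pp -ErrorAction SilentlyContinue
    return ($v.NoWarningNoElevationOnInstall -eq 1 -or
            ($null -ne $v.UpdatePromptSettings -and $v.UpdatePromptSettings -ne 0))
}

$patched = Test-PatchInstalled -Kb $KbId
$weak    = Test-PointAndPrintWeakened
Write-Host "$env:COMPUTERNAME patch=$patched pointAndPrintWeakened=$weak"

if ($DisableSpooler) {
    # Workaround 1: stop and disable the Print Spooler service outright.
    Stop-Service -Name Spooler -Force -ErrorAction SilentlyContinue
    Set-Service -Name Spooler -StartupType Disabled
}
else {
    $printers = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    if ($weak) {
        # Drop the weakening values so the installed update actually protects the host.
        Remove-ItemProperty -Path "$printers\PointAndPrint" `
            -Name NoWarningNoElevationOnInstall, UpdatePromptSettings -ErrorAction SilentlyContinue
    }
    if (-not $patched) {
        # Workaround 2: keep local printing but refuse inbound remote connections
        # (registry form of "Allow Print Spooler to accept client connections" = Disabled).
        New-Item -Path $printers -Force | Out-Null
        Set-ItemProperty -Path $printers -Name RegisterSpoolerRemoteRpcEndPoint -Value 2 -Type DWord
        Restart-Service -Name Spooler -Force -ErrorAction SilentlyContinue  # policy needs a restart
    }
}
```

Run it elevated; the Get-WindowsPackage check needs the Dism module, which ships with Windows 8 / Server 2012 and later.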
Thanks for reading!