Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34527
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Recommends add:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
NoWarningNoElevationOnUpdate = 0 (DWORD) or not defined (default setting)
KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates
https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7
Recommends add:
RestrictDriverInstallationToAdministrators = 1 (DWORD)
_____________________________________________________________________________________________________________________________________________________________________________________
KACE Script
Verify
1. Verify a registry key does not exist...
Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
On Success
1. Set a registry value...
Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
Name: RestrictDriverInstallationToAdministrators
Type: REG_DWORD
Data: 1
2. Set a registry value...
Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
Name: NoWarningNoElevationOnInstall
Type: REG_DWORD
Data: 0
3. Set a registry value...
Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint
Name: NoWarningNoElevationOnUpdate
Type: REG_DWORD
Data: 0
4. Log message..
Type: Status
Message: Registry Workarround Completed
Comments