Does Microsoft's PrintNightmare patch break printing? Not quite, but it can create a bit of a headache for IT departments.
Last summer we wrote a post about PrintNightmare, a severe software malfunction that exploited a major vulnerability in Windows Print Spooler services. This bug allowed hackers to disguise themselves as a local system user and grant themselves admin-level privileges to remote networks.
In September 2021, Microsoft released a PrintNightmare patch that blocked the Print Spooler vulnerability. The patch was helpful, but it created its own problem: it required administrative credentials for any print driver installations on workstations. This created a big problem for both IT departments and end users.
In this post, we'll review the issue and explain how uniFLOW's SmartClient software allows organizations to manage print drivers without requiring local administrator credentials.
The PrintNightmare Patch Breaks Printing and Creates a Big Issue for IT Departments
Before the PrintNightmare patch, most end users would have been able to install print drivers on their computers without needing administrative credentials to do so.
After applying the PrintNightmare Patch, however, an end user would have trouble printing to a new print driver without the help of an IT team member with the required administrative credentials.
While the PrintNightmare patch protects all windows devices from the vulnerability it was created to secure, increased admin permissions for print driver installations place a heavy burden on IT departments, and some may not have the bandwidth to handle this new challenge.
Should the PrintNightmare Patch be Disabled?
While Microsoft encourages the patch remains enabled for ultimate protection, organizations have the option to manually disable it. This leaves a difficult choice:
- Allow the patch to remain enabled, but lose all remote print connections and face downtime when having to reconnect, reinstall and update the network with admin credentials,
or - Disable the patch, and maintain original print driver abilities, but face serious threat of cyber-attack.
How uniFLOW SmartClient Fixes Microsoft's PrintNightmare Patch
uniFLOW SmartClient is a software that manages print drivers without requiring local administrative rights on workstations. SmartClient is an application that runs on a computer and offers convenient features for organizations that have installed the PrintNightmare patch, including:
- End users can print to any networked laser printer, without the need to install a driver
- IT team members can add or remove printers from SmartClient in the background using uniFLOW Online
- SmartClient is location aware, meaning an end user can travel to a branch office, and their laptop will see only the printers at that location
SmartClient allows organizations with a multi-site infrastructure to combat the PrintNightmare vulnerability without downtime.
It's perfect for large corporations, small offices, educational establishments, local government offices and on-site print rooms, and is compatible with copiers and printers manufactured by Canon, Xerox, HP, Lexmark, Konica Minolta, Ricoh, Sharp and more.
Loffler’s print experts can help develop a tailored print security strategy that fits the needs of your organization. Request a FREE consultation today:
Read Next: uniFLOW Secure Follow-Me-Printing: One Platform for Printing, Scanning and Device Management
Jeff King is the Sr. Director of Intelligent Automation at Loffler Companies. He’s been with the company since 2006, delivering a high level of value to clients with his consultative approach to digital transformation, business process automation, content intelligence, security, managed print services and project management. In his free time Jeff enjoys fitness, traveling and spending time with his family.