/
CNS IT Response to the Microsoft Spooler Service Vulnerability

CNS IT Response to the Microsoft Spooler Service Vulnerability

Jul 27, 2021

Updates

Please check back here for updates M-F at 3 pm 

7/22/21 12:30 pm

We will begin reaching out to users who own computers that are still having issues applying the patch.

 

What is this about?

CNS IT will be setting a policy to disable the Print Spooler Service on managed Windows systems on Thursday, July 1, 2021 at 7:00am CST.

Why is this happening?
A critical exploit has been identified in most Windows systems, involving the Print Spooler Service. At this time, a fix hasn't been released. Until a fix exists, the UT Information Security Team has requested that the Print Spooler Service be disabled on Windows systems at UT Austin. More information on the vulnerability can be found here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

What will happen if my computer isn't made compliant?
The ISO will be quarantining devices as soon as they can scan for this vulnerability. We have a short grace period until that happens to get the Spooler Service disabled and turned off.

How to upgrade/update your computer:

Follow these instructions for BOTH Managed Software Updates then "All other PC's". Note depending on the network you are on just following the Managed Software Updates instructions will not work.

 

 

Computers installed and configured by CNS IT:

We will be disabling the Spooler Service as a policy that will automatically adjust the Print Spooler Service on your computer. Please run through the following to make sure that the policy has successfully disabled your Print Spooler Service.

Computers that weren't set up and configured by CNS IT:

Since CNS IT doesn't remotely manage your computer, here are some steps you can follow to manually disable the Print Spooler Service on your Windows device.

  1. Open the Services snap-in.

    1. You can find it by searching for 'Services' in the bar next to the Start menu (Windows 10) or at the bottom of the start menu (Windows 7).

    2. Run the Services snap-in as administrator, on the right side of the Start screen (Windows 10) or by right-clicking (Windows 7 and some custom Windows 10 layouts).

    3. If prompted for administrator access, enter administrator account credentials if you have them.

  2. Find the Print Spooler Service, right-click it, select to Properties.

  3. Press Stop in the Properties window to stop the Spooler Service.

  4. Set the startup type to disabled to make sure the Service won't start again when you reboot.

  5. Make sure you Press Apply and OK before you close the Services window.