Windows 10 update toughens security around Point and Print

News
By published

It can still be overridden by a registry tweak

security
(Image credit: Shutterstock)

Microsoft has fine tuned the default printer driver installation and update behavior to mitigate vulnerabilities in the Windows Print Spooler service that came to the fore with the PrintNightmare vulnerability.

The security update is designed to change the default Windows behavior, which debuted with Windows 2000 to enable users to connect to a print server to download and install necessary printer drivers.

Known as Point and Print, cybersecurity researchers recently demonstrated that the feature could be used to run a malicious print server and force Windows systems to download and install malicious drivers.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

“Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks. Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges,” shared the Microsoft Security Response Center (MSRC) team.

Fixing privileges 

Following the disclosure of the vulnerability, tracked as CVE-2021-34481, Microsoft’s initial attempts to fix it were “deemed incomplete.”

Acknowledging that the vulnerability takes advantage of what can be described as a design flaw, Microsoft has now tweaked the default behavior to prevent users without administrator privileges from adding or updating printers.

Microsoft says that the change in policy will impact use cases that relied on regular Windows users to add and modify printers. However, in light of the fact that this vulnerability can be exploited Microsoft stresses that the “security risk justifies this change” despite the inconvenience it may cause.

That said, Microsoft has given users the option to manually override the new security policy with a registry key.

Via The Record

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Digital image of a lock.
Xerox printer security risk could let hackers sneak into your systems
Printer
No, your printer isn't possessed: a Windows 11 23H2 bug could be making it print random characters when connected via USB
The best free firewall
Microsoft fixes Power Pages security flaw, tells users to be on their guard
greyscale image of a printer
The role of strategic print management in efficiency and security
Representational image of a cybercriminal
Microsoft discovers five potentially damaging attacks against its own software
A phone sitting on a laptop keyboard with the Microsoft Outlook logo on the screen.
Microsoft is changing the way logins work: here’s what that means for you
Latest in Pro
Branch office chairs next to a TechRadar-branded badge that reads Big Savings.
This office chair deal wins the Amazon Spring Sale for me and it's so good I don't expect it to last
Saily eSIM by Nord Security
"Much more than just an eSIM service" - I spoke to the CEO of Saily about the future of travel and its impact on secure eSIM technology
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
FlexiSpot office furniture next to a TechRadar-branded badge that reads Big Savings.
Upgrade your home office for under $500 in the Amazon Spring Sale: My top picks and biggest savings
Beelink EQi 12 mini PC
I’ve never seen a PC with an Intel Core i3 CPU, 24GB RAM, 500GB SSD and two Gb LAN ports sell for so cheap
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Latest in News
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
More about pro
Asus NUC 15 Pro+

Asus unveils its most powerful mini PC to date — but I don't think the Intel-powered NUC 15 Pro+ will compete with Strix Halo models
HDD

Seagate teams with Nvidia to build an NVMe hard drive proof of concept, more than 3 years after its last effort
Page shows the getting started page on the Notability app.

I enjoyed testing this satisfying note-taking app, but its collaboration skills were weak
See more latest
Most Popular
Tesla Model Y 2025
Tesla’s EU sales are in freefall as VW races ahead, but the Model Y could change all that
Asus NUC 15 Pro+
Asus unveils its most powerful mini PC to date — but I don't think the Intel-powered NUC 15 Pro+ will compete with Strix Halo models
HDD
Seagate teams with Nvidia to build an NVMe hard drive proof of concept, more than 3 years after its last effort
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks