<img src="https://ws.zoominfo.com/pixel/PMY3ZvbpZt27ywWwZSBB" width="1" height="1" style="display: none;">

Business Copiers & Printers

EO Johnson offers multifunction copiers and printer solutions that are cost effective and easy to use. Trust in the exceptional service and rapid response time of our knowledgeable local service technicians.

Production Print & Finishing

EO Johnson is your one-stop shop for digital production presses, wide-format printing, and finishing equipment. We provide local service and support and have the most technologically advanced Customer Experience Center in the Midwest.

Locknet Managed IT

Locknet Managed IT is a Managed Security Service Provider (MSSP) that is both FFIEC-examined and SOC 2 Type 2 audited. We support businesses in Wisconsin, Minnesota, Iowa, and Illinois with technology strategies and solutions to improve your security position. 24/7/365 remote and onsite support.



Digital Transformation Solutions

EO Johnson’s digital transformation consultants have solutions for every size and type of business. Reduce paper and secure your files with our bulk document scanning. Then streamline your business with process mapping and secured document management.


Gain insights and expand your knowledge with our collection of tools and resources. Stay informed about the latest in business technology, print services, and process improvement. 

Waking from Microsoft's PrintNightmare

3 min read

Ben Nikolay

Managed Service Provider offers network security advice

PrintNightmare (CVE—2021—34481) is a low-complexity, high-impact hacking vulnerability discovered and documented by security engineers. A miscommunication led to the exploit documentation being released prior to Microsoft developing an effective patch to prevent its misuse. Having a managed security provider or other network security expert on your side is critical to ensuring your company data is protected.

Here is some invaluable advice from the experts at EO Johnson Business Technologies and Locknet® Managed IT.

Immediate caution advised

Following Microsoft Update (KB5005652, 8/10/2021) — Installation of any print driver on an existing print server may cause existing printing using shared print queues to halt and popup notifications requiring Administrator Authentication to display.

By default, non-administrator users will no longer be able to do the following using Point and Print without an elevation of privilege to administrator:

  • Install new printers using drivers on a remote computer or server
  • Update existing printer drivers using drivers from remote computer or server

Temporary mitigation

During the initial period of self-mitigating the risk of the PrintNightmare vulnerability, Microsoft and third-party security experts recommended disabling the Print Spooler service on any non-print essential Windows PC and Server. On any system requiring print functionality, IT staff was encouraged to limit the permissions of the “System” account on the print driver directory within the Windows system files. These short-term efforts were effective in immediately blocking the attack vector but also limited the long-term functionality of the Operating System.

Microsoft’s permanent PrintNightmare solution — released August 10

On August 10, 2021, Microsoft released an update for Windows (KB5005652) to permanently block the PrintNightmare vulnerability. In doing so, permissions between Client/Print Server environment utilizing Point and Print connections have changed. Microsoft has created a Registry Key to toggle the behavior. By default, it's enabled following the installation of the Windows Update. Microsoft recommends keeping it enabled to eliminate the risk. However, a temporary rollback of the behavior is possible, via the Registry, to balance the functional impact on workflow versus the security risk of Print Nightmare.

Official Microsoft Documentation

How will this affect you?

By default, Microsoft will now require a non-administrator to elevate permissions to pull print drivers or print driver updates from a Print Server to a Client PC.

What will trigger the elevation prompt?

Any change to the print drivers on an existing print server can potentially update a shared driver file currently in use by existing print queues. If a Client PC sees a driver file has been updated on the host print server, printing will be blocked until the file is pulled from the print server and installed locally on the Client PC. This action will now require administrator elevation.

What printing is unaffected and potential workarounds

  • Locally installed print queues sending print jobs directly to print hardware
  • Locally installed print queues sending print jobs to a server via LPR/LPD protocol
  • EOJ Print solutions that have alternative methods of distributing drivers and queues — ask your sales contact for more information

Point and Print explained

Point and Print is Microsoft’s terminology for connecting a Windows client PC to a printer centrally managed on a Windows print server without requiring installation media at the client. When adding a printer hosted on a Windows print server (Start — Printers and Scanners — Add Printer) or (Start — Search <enter \\<print server name or IP > — double click printer name) a connection to the central print queue is made. The driver files and configuration of that central print queue are pulled from the print server and installed onto the client PC. A print job created on the client PC is generated using local print driver files and then relayed back to the print server’s central print queue for processing to the printer for output onto paper.

Official Microsoft Documentation

Having the right network security partner in place
is essential

Vulnerabilities, hacks, phishing, and other threats in the digital space continue to cause havoc for organizations of all sizes. Having a trusted network security partner in place is essential to ensuring the safety and integrity of your company data. For enterprise-sized entities, this can free up valuable IT resources to tend to daily business needs while also tapping the unparalleled expertise of IT security professionals who are knowledgeable about the quickly evolving threats to your data.

Contact us to learn more about how the professionals at EO Johnson Business Technologies and Managed Service Providers like Locknet Managed IT can ensure the proper mitigation measures are in place for PrintNightmare and other threats to your organization's network security.



No Comments Yet

Let us know what you think