Administrator action is required to prevent exploitation.
#How to disable ms agent code#
Until Microsoft addresses the PrintNightmare zero-day, disabling the Print Spooler service is the simplest way to ensure that threat actors-and ransomware groups in particular-won't jump at the occasion to breach corporate networks.ĬERT/CC has released a Vulnerability Note flagging a critical remote code execution vulnerability “PrintNightmare“ in the Windows Print spooler service. Microsoft adds that the service should be disabled on all servers that don't require it to mitigate future attacks due to these heightened risks of the printing service being targeted since it's enabled by default on most Windows clients and server platforms.
![how to disable ms agent how to disable ms agent](https://cdn.osxdaily.com/wp-content/uploads/2019/07/delete-microsoft-autoupdate-mac.jpg)
"Additionally, administrators should employ the following best practice from Microsoft's how-to guides, published January 11, 2021."Īccording to Microsoft's recommendations, the Print Spooler service should be disabled on all Domain Controllers and Active Directory admin systems via a Group Policy Object because of the increased exposure to attacks.
![how to disable ms agent how to disable ms agent](https://cdn.zmescience.com/wp-content/uploads/2015/08/cortana-disable-windows-10-300x348.png)
"CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print," the US federal agency said. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a notification regarding the critical PrintNightmare zero-day vulnerability and advises admins to disable the Windows Print Spooler service on servers not used for printing.