Hi @NightWing2099,
I work at PaperCut now on the support team but I still hang out on Microsoft forums too.
To be clear and honest, Microsoft has fixed the remote spooler security exploit. That is done and dusted. Malware can't be dropped on the machine in an authenticated way.
The changes now for Windows Point and Print, that's making a connection to a shared printer, have new defaults from Microsoft. First, the users on the Windows client must have administrative access on the machine in order to install the software from the server. If that software on the print server is infected, being admin is really not going to help; actually, that kind of makes it worse.
Since you have GPO deployment, you can add a registry setting to the client machine which reverts the new default to the past behavior where a standard user can install this software. The software from the server is the print driver.
Another new default is that non-Windows printer connections are no longer allowed by default. There is a registry setting for this behavior too. If you are not all Windows, then you can't connect to the shares.
A very good policy for some locations that are allowing non-admin access to installing the software from the server is to allow only connections to the shared printers on the company assets.
Computer / Admin Templates / Printers / Package point and print - Approved servers.
Finally, please listen to my podcast on the topic. https://www.papercut.com/blog/print-geeks-012-deepcuts-printnightmare/
Your PaperCut reseller has been dealing with this too so they may have additional guidance based on the printer models and drivers they suggest.
Thanks
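
A read-only check for the two client-side settings discussed in the post above, as an added example that is not part of the original post or PaperCut's or Microsoft's own code. The registry value names are not given in the post; they are assumed here to be the ones Microsoft documents for these policies, and the function names are hypothetical.

```powershell
# Added example: audit the Point and Print policy values on a Windows client.
# Read-only; it changes nothing and works from a standard user session.
# Assumption: value names below are taken from Microsoft's policy documentation,
# not from the post.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-PointAndPrintAudit {
    $restrict = Get-PolicyValue "$base\PointAndPrint" 'RestrictDriverInstallationToAdministrators'
    $listOn   = Get-PolicyValue "$base\PackagePointAndPrint" 'PackagePointAndPrintServerList'

    # Approved servers are stored as string values under the ListofServers subkey.
    $servers = @()
    $listKey = "$base\PackagePointAndPrint\ListofServers"
    if (Test-Path $listKey) {
        $key = Get-Item -Path $listKey
        $servers = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
    }

    # Absent or non-zero keeps the new default: only admins install drivers.
    $nonAdminInstall    = ($restrict -eq 0)
    $approvedListActive = ($listOn -eq 1 -and $servers.Count -gt 0)

    [pscustomobject]@{
        NonAdminDriverInstall = $nonAdminInstall
        ApprovedServerListOn  = $approvedListActive
        ApprovedServers       = $servers -join ', '
        Finding               = if ($nonAdminInstall -and -not $approvedListActive) {
            'Standard users can install drivers and no approved server list is set'
        } elseif ($nonAdminInstall) {
            'Standard users can install drivers; package Point and Print limited to approved servers'
        } else {
            'Default: driver installation restricted to administrators'
        }
    }
}

Get-PointAndPrintAudit | Format-List
```

The first finding is the combination the post advises against: the old behavior restored by GPO without the approved servers policy alongside it.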