back to article The PrintNightmare continues: Microsoft confirms presence of vulnerable code in all versions of Windows

Microsoft has assigned CVE-2021-34527 to the print spooler remote code execution vulnerability known as "PrintNightmare" and confirmed that the offending code is lurking in all versions of Windows. The megacorp said it was still investigating whether the vulnerability was exploitable in every version, but domain controllers …

  1. SsiethAnabuki

    As much as I like to dump on microsoft a pile...

    .. and this bug is a nasty one if you've got a very specific setup... I can't imagine that many people have taken the decision to a) hang a load of peripherals off their domain controller and b) be large enough that they are panicking about internal users exploiting the vulnerability.

    Surely anyone of any size is using a print server rather than dumping that load on the domain controller?

    1. Jim Willsher

      Re: As much as I like to dump on microsoft a pile...

      Company size doesn't and shouldn't matter. Think of all those small companies, charities/not-for-profit that probably only have one server, and who probably also have a userbase that could fall victim to malware. Remember that any authenticated user can now own the domain....or put differently, Mary in Accounts just needs to run some code from an email or URL and she just potentially created a new domain admin account.

    2. Trigun

      Re: As much as I like to dump on microsoft a pile...

      I've supported several companies in my time who had only 1 server (a DC) and that's it, with everything running on it: DHCP, DNS, ADDS, ADCS, Print Services, Antivirus management, etc, etc. I said they should have at least 2 DCs, a seperate file server and a print server (and more if possible). Answer? Costs too much for the servers and the licensing. You can lead a horse to water, but ...

      1. Anonymous Coward
        Anonymous Coward

        You can lead a horse to water, but ...

        ... you can't make him pay for it?

        1. Trigun

          Re: You can lead a horse to water, but ...

          Correct. Horses are known to be quite cash-strapped ;)

          1. DJV Silver badge

            Re: You can lead a horse to water, but ...

            Yep, and they bridle with indignity and champ at the bit should there be any neigh-sayers who think they are saddled with too much cash!

            1. Linker3000

              They never pony up.

              1. Darkk

                There are free open source solutions to this if companies don't want to pay $$$ to Microsoft. Hell, you can run a dedicated print server running Linux with CUPS. Windows, Mac and Linux workstations won't know the difference.

                One company I've worked for did have print services on DC then later separated that out onto it's own server leaving DC strictly for domain controller functions along with DNS and DHCP.

                1. TechHeadToo

                  YOU may be able to do that, but, like another commenter, I've supported small organisations who can barely keep shares running, and would have no chance if Linux appeared, minimal though its admin requirements may be.

          2. big_D Silver badge

            Re: You can lead a horse to water, but ...

            Then run a virtual Samba server for file and print services... That is free and you don't have to buy CALs for each user accessing the file server.

          3. Dave559 Silver badge

            Re: You can lead a horse to water, but ...

            Gift horses, on the other hand, are quite well-off, but just don't look them in the mouth!

    3. Anonymous Coward
      Childcatcher

      Re: As much as I like to dump on microsoft a pile...

      Go and have a look at r/sysadmin on Reddit. You'll find it is very common judging by the wailing ...

    4. Anonymous Coward
      Anonymous Coward

      Re: As much as I like to dump on microsoft a pile...

      I got an email this morning saying print services were no longer available at my university research institute until further notice because of this. What research goes on there? Mainly cybersecurity stuff...

      Maybe they're overreacting, I don't know, but I didn't have the greatest faith in them beforehand.

    5. This post has been deleted by its author

      1. DS999 Silver badge

        Re: As much as I like to dump on microsoft a pile...

        Why does working from home make a difference with this issue? Do you know a lot of people that have domain controllers in their home?

        Working from home actually makes this bug matter less, because the sysadmin can simply turn off the print service if no one is at the office.

        1. big_D Silver badge

          Re: As much as I like to dump on microsoft a pile...

          If the users are connected over VPN to the company network, they can affect other PCs and servers.

          Don't forget, whilst the DC being compromised is the worst case scenario, all versions of Windows, including client PCs are vulnerable and the Print Spooler is activated on Windows PCs to allow local printing and to allow them to share their printer with others.

        2. Anonymous Coward
          Anonymous Coward

          Re: As much as I like to dump on microsoft a pile...

          How many businesses can really turn off print services and continue operating, even if you are not a retail organisation you still need to invoice customer, raise orders, probably;y still print payslips etc.

          Whilst you may have replaced some of these service with electronic versions there will still be a long tail of customers and suppliers who rely on paper documents. If you are in retail you have a whole plethora of other paper documents you need to print to do business.

      2. Anonymous Coward
        Anonymous Coward

        Re: As much as I like to dump on microsoft a pile...

        DO YOU KNOW YOUR CAPS LOCK IS MALFUNCTIONING?

        Just so you know. Carry on.

        :)

        1. [VtS]Alf

          Re: As much as I like to dump on microsoft a pile...

          Shirley this deserves this link: http://www.bash.org/?835030

        2. Aussie Doc
          Coffee/keyboard

          Re: As much as I like to dump on microsoft a pile...

          Maybe it was a misfunctioning sarcasm lock.

          He WaS aCtUaLlY tRyInG tO tYpE iN sArCaSm MoDe.

      3. Anonymous Coward
        Anonymous Coward

        Re: As much as I like to dump on microsoft a pile...

        You're assuming that remote workers print remotely?

        If I was WFH, I would either print on my printer or email some one in the office asking them to print it for me.

    6. katrinab Silver badge
      Meh

      Re: As much as I like to dump on microsoft a pile...

      Don't most printers have their own built-in print server these days?

      Normally they have an ethernet socket at the back and you plug it directly into the network switch.

      1. Anonymous Coward
        Anonymous Coward

        Re: As much as I like to dump on microsoft a pile...

        Just if you let user access the printer directly you can't manage printer and print queues from a central location - nor deliver drivers directly from the print server.

    7. Griffo

      Re: As much as I like to dump on microsoft a pile...

      By default the printer spooler needs to run on at least one DC in every domain. It controls the printer queue cleanup.

      From the MS documentation:

      "On a domain controller, the installation of the DC role adds a thread to the spooler service that is responsible for performing print pruning – removing the stale print queue objects from the Active Directory. If the spooler service is not running on at least one DC in each site, then the AD has no means to remove old queues that no longer exist"

      So while most orgs will have dedicated file/print servers, the service will be running on at least one DC.

      1. Darkk

        Re: As much as I like to dump on microsoft a pile...

        I have the print spooler disabled on all the DCs in our domain. I suppose I could turn it on once a day to do it's maintenance and then disable it until Microsoft push out a patch. Lucky all our DCs are running Server 2019.

        1. Cliffwilliams44 Silver badge

          Re: As much as I like to dump on microsoft a pile...

          Only required if you publish your printers in AD.

      2. Danny 14

        Re: As much as I like to dump on microsoft a pile...

        we have never had print spooler enabled on our DCs. we shut off services that aren't needed. We havent had any issues with no spooler on our DCs in the decade ive managed it.

        Small companies would be better with VM anyway, even on one physical single point of failure server. You get 2VM per box license so the DC can be separate drom file server even with local storage.

        opens the door for a small cluster should they want resiliency.

        veeam is free for 10vms and an excellent backup option.

    8. 9Rune5

      Re: As much as I like to dump on microsoft a pile...

      In the old days, they print spooler was installed by default.

      Has that changed?

    9. big_D Silver badge

      Re: As much as I like to dump on microsoft a pile...

      End user PCs are also vulnerable and the Print Spooler service is activated as standard (and allows remote connections!) to enable end users to print locally.

      So malware running on any Windows PC on the network can serially infect further devices, which are using the vulnerability.

    10. st73

      Re: As much as I like to dump on microsoft a pile...

      The print spooler service starts automatically by default on windows server, so even if your company isn't using it for printing (I'd imagine most don't), the service must still be stopped and disabled in order to mitigate against this bug.

  2. a_yank_lurker

    Could Be A Disaster

    While I rarely print anything personally or professionally, there are some people who need to print documents with a great deal of regularity. Telling them to stop printing because the Rejects of Redmond haven't fixed a bug (I doubt they would have arsed themselves to fix it if wasn't for the 'accidental' release) is beyond idiotic.

    1. Anonymous Coward
      Anonymous Coward

      Re: Could Be A Disaster

      People who need to print often are unlikely to be hanging off a domain controller for it.

      Most printing is now directly spooled into a target printe from the machine that generates the print.

      1. bombastic bob Silver badge
        Unhappy

        Re: Could Be A Disaster

        and yet the bug/vulnerability exists even for NON-SERVER editions, if I read things correctly.

        And YES, those are vulnerable to RANSOMWARE (and worse) as well...

        [worth pointing out, a VERY RECENT ransomware epidemic - related? dunno yet, but I'd like to]

        If Micros~1 has ANY integrity, they'll have patches for every windows version made available for direct download, and no encumberances.

  3. Anonymous Coward
    Thumb Down

    Sustainability

    This is a big buzzword in our place at the moment - tempting to completely diable printing and say it's to meet our sustainability goals :-)

    1. Anonymous Coward
      Anonymous Coward

      Re: Sustainability

      Print release and moving the printer 20 meters down the hallway will cut your printing in 1/2. Sticking papercut or some other monitoring software to show amounts also helped.

      We removed 75% of printers, paper saving costs paid for printers in under 18 months, sooner with the print refund from extra drop.

      1. Anonymous Coward
        Anonymous Coward

        Re: Sustainability

        I work at a hospital. A few years ago, I was bored and downloaded HP JetAdmin and played about with it.

        For free software, it's pretty good - connect to the printer remotely to do with hell desk call "not printer", ring user and tell them to paper in it...

        Anyway, I was running reports (BTW - how can I change the date to UK DD/MM format?) and during a support meeting was demonstrating this new bit of software - showed a report then we had used 500,000 pieces of paper.

        Next thing I know, they had gotten rid of most of the printers and gone to a managed service!

        1. Danny 14

          Re: Sustainability

          kyocera had something similar and paired with papercut is a reasonable solution.

          1. Anonymous Coward
            Anonymous Coward

            Re: Sustainability

            We do have Papercut, and in fact over the last 12 months it shows a massive reduction in printing - the majority of printers have printed 0 sheets in that period. Of course the office still being closed may have more to do with this than Papercut! The number of toners/printers/cases of paper that people have sent home though has gone through the roof.

            The really puzzling bit is how with two people that do the same job one works quite happily with no home printer at all, and the other "can't function" without one.

    2. Spiz

      Re: Sustainability

      We're doing this. They haven't been able to print for over a year now working from home, therefore don't need to (or we've provided electronic alternatives) so our rented printer fleet is going back.

  4. Anonymous Coward
    Anonymous Coward

    All versions of Windows?

    So it's existed since Win1.0 & they've never bothered to fix it? Or perhaps you meant all current versions which would limit it to only Win10 and the upcomming Win11? Please let us know so that we may further lock down our WinXP boxen to mitigate such inherent imbicility thanks.

    1. Anonymous Coward
      Anonymous Coward

      Re: All versions of Windows?

      Apparently insufficient numbers of people have been hanging printers off domain controllers for this to be discovered earlier, which, to me, is not a bad thing.

      1. Zippy´s Sausage Factory
        Pint

        Re: All versions of Windows?

        Actually, if you put it that way, it's somehow a bit less terrifying. Thank you for that. Have a virtual beer on me!

    2. katrinab Silver badge
      Meh

      Re: All versions of Windows?

      I'm guessing all versions of Windows NT? Windows 1.0 I think used the MS DOS printing system, which was basically write bits directly to the parallel port, and wait for it to finish before you could use your computer again.

  5. Marty McFly Silver badge
    Joke

    Could have been a different title....

    "Decades after launch, Microsoft realizes their printer software is buggy. Users question what took them so long."

    1. arachnoid2

      what took them so long."

      They had a paper jam and Billy the printer boy was on holiday.

  6. vtcodger Silver badge

    At long last -- The Paperless Office

    "Microsoft's own workarounds start with disabling the Print Spooler service and end with disabling inbound remote printing through group policy. The former stops all printing"

    They've been promising us a paperless office for what? 35 years? An now it is here!!!

    1. Anonymous Coward
      Anonymous Coward

      Re: At long last -- The Paperless Office

      It's a Microsoftless Office we're all really striving for.

      1. Anonymous Coward
        Anonymous Coward

        Re: At long last -- The Paperless Office

        Actually, we have that. As we don't have people who need weird Excel spreadsheets we use LibreOffice, MacOS on the desktops/laptops and Linux in the server park.

        We also booted out Adobe after we looked at its network traffic, and our people in design are quite happy with Affinity products after we worked out which fonts had not yet been absorbed by the Adobe monopoly (it's like Microsoft in the 90s).

    2. Version 1.0 Silver badge

      Re: At long last -- The Paperless Office

      Is this the paperless world we're going to more each day? How would we see things these days if God had told Moses to go to an app on his cell phone to receive the Ten Commandments?

      The paperless office will be cloudy, so I expect we'll see a little rain soon.

  7. I code for the bacon
    Linux

    Maybe its time to consider Linux/BSD boxes as print servers

    Print spoolers always will be among the top preferred attack targets. Those attacks could be substantially mitigated or even avoided if administrators connect well configured Linux/BSD boxes running Samba to the Windows domain and make them the print servers.

    1. Anonymous Coward
      Anonymous Coward

      Re: Maybe its time to consider Linux/BSD boxes as print servers

      I wonder why you still need print spoolers.

      Modern printers can queue jobs themselves, and if not, the submitting host will queue the print job locally until the target printer queue is free again. That's why the bigger printers even have an SSD built in.

      1. Anonymous Coward
        Anonymous Coward

        Re: Maybe its time to consider Linux/BSD boxes as print servers

        Because you want to control access to the printers and manage print queues from a single management tool, regardless of the print model. And you want to deliver drivers and settings automatically. Moreover users can look for printers using location and supported features.

        I understand this features doesn't exist or require complex setups under Linux, but they are standard features available out of the box in Windows. The fact the printer can spool locally it's used for features like actually printing only when the user unlock the job at the printer, print the job multiple times, etc.

      2. Danny 14

        Re: Maybe its time to consider Linux/BSD boxes as print servers

        we dont print to a printer. we print to a queue. then papercut decides rhe department, sends to the queu and awaits pickup from the printer. after 4 hours it cancels jobs not picked up.

        the printer talks back to papercut and away ypu go.

        theoretically this can be done on a linux box but is run off windows for convenience. the convenience being im an old mcsd and familiar with windows and like being employed.

        the other side is, im not daft enough to leave non essential stuff running on DCs and I automatically install security and critical updates on a daily check, my thinking is that id rather deal with the aftermath of a crappy update than the aftermath of a 0 day.

        we do have some linux boxes, i have a prototype linux docker in test for digital signs, resilient dns, filtering and a mysql box. it will be some time till I kill off MS though.

    2. Anonymous Coward
      Anonymous Coward

      Re: Maybe its time to consider Linux/BSD boxes as print servers

      Ironically, offering more reliable print and file serves than Windows via Samba is what got Linux into the enterprise in the first place.

      Plus ça change and all that.

      1. Anonymous Coward
        Anonymous Coward

        Re: Maybe its time to consider Linux/BSD boxes as print servers

        You mean adding SMB support into an OS which was stuck in NFS and all its usability issues? Actually Samba is not more reliable nor free of bugs. Usable, at a far lower price, yes.

        1. Anonymous Coward
          Anonymous Coward

          Re: Maybe its time to consider Linux/BSD boxes as print servers

          I was "there" when that started to happen, and the magic word for all the skunkworks was simply uptime.

          I don't know about you, but having to reboot the bejeezes out of a box that has basically only two jobs to do becomes tedious after a while. The decision to swap it out for something that would stubbornly stay up for months where uptimes of a week were exceptional for Windows (on the exact same hardware) was a no-brainer, even taking the risk into account that this was not a "done" thing in an "we-must-meekly-pay-our-tithe-to-Redmond-and-woe-betides-he/she/it-who-blasphemes-by-mentioning-let-alone-deploying-anything-else" environment which I have never subscribed to anyway. I come from a world where stuff has to work, period

          I see it as my job to ensure services are available to users, not to be an acolyte to some specific technical fetish du jour. I use anything that works, is safe, legal, sustainable and that can reliably integrate in a manner that I can educate someone else about. The rest is fluff.

          1. Byron "Jito463"

            Re: Maybe its time to consider Linux/BSD boxes as print servers

            Uptimes of a week were exceptional? While I don't manage servers, my computers - back to the Windows 2000 days - have always had uptimes of at least a month or more, and only that because I finally broke down and installed pending updates. Otherwise, I could have gone for months on end without restarting.

            I can't say my Win9x/DOS computers had that much uptime, but those were a different era.

            1. Anonymous Coward
              Anonymous Coward

              Re: Maybe its time to consider Linux/BSD boxes as print servers

              OK, but was anyone actually using that server?

              In my experience, in those days Windows was very much subject to the erect member condition: it only stayed up if you didn't do anything with it. That's why we eventually gave up and used Linux, mainly so we could use the time wasted on Windows servers to more productive use.

              It's pretty much the same argument that made us later realise that the TCO for a Windows desktop and certainly a laptop is FAR higher than when we started working with MacOS, and even our accountant was shocked when we went through the numbers. That's why we had no problem getting a migration and upgrade budget agreed - when you really start being honest about the numbers (i.e. include lost staff time and risk management expenses), Windows does not look good. Add to that people that travel internationally with laptops and you have to seriously fudge the facts to keep Windows looking good.

              That's why we stick to the facts, but all of them.

          2. Anonymous Coward
            Anonymous Coward

            Re: Maybe its time to consider Linux/BSD boxes as print servers

            Please, if you wish to criticize Windows don't relay on old lore dating back to Windows for Workgroups 3.1 or earlier... unless you're so unable to setup your cracked copy of Windows in a reliable manner, and without it becoming full of malware because you can't apply updates.

            "Uptime" worshiping is really out of fashion now since you need to apply patches regularly - even to Linux and FreeBSD machines - and ensure they can still reboot if needed.

            While you're probably never managed a large site with a lot of users and printers.

            But keep on gathering in your basement and tell tales about that horrible Windows....

            1. Anonymous Coward
              Anonymous Coward

              Re: Maybe its time to consider Linux/BSD boxes as print servers

              "Uptime" worshiping is really out of fashion now since you need to apply patches regularly - even to Linux and FreeBSD machines - and ensure they can still reboot if needed.

              Ah, but I can apply most patches under Linux and FreeBSD without system downtime, whereas that certainly was impossible with Windows in those days, and it has as yet not really improved as far as I can tell.

              Selling this as "testing reboots" is exactly the kind of BS Microsoft marketing is using to distract from reality - I test restarts quarterly as part of our BCM process, which translates to "we test this when we can fit it into our business schedule" whereas the Redmond approach is more "we're bored, let's disrupt businesses globally again, just to show we can" and forces those *cough* "reboot tests" *cough* on you when they have yet again discovered a problem with their code (you'd think they would have refactored everything by now).

              In essence, your restarts are determined by a third party who doesn't care at all about the impact it has on your business as long as they get their IT tax.

              As I said before, where I come from, stuff has to work. We don't "worship" uptime as a number, we have it as a service metric that helps us demonstrate that we deliver. I can understand that Microsoft supporters want to denigrate that as a metric because it pretty much excludes anything produced by Redmond.

              Windows is good for gaming, but our business is not a game.

    3. Peter Gathercole Silver badge

      Re: Maybe its time to consider Linux/BSD boxes as print servers

      There's currently an intention by the CUPS developers to deprecate CUPS from GS/Gutenprint and switch to a pure IPP solution using the PDF rendering built in to all modern printers.

      The developers say that they will keep support for the older way of rendering prints around for a while, but you may have to enable it.

      This is likely to upset a large number of people (the idea certainty upsets me because I keep old printers running), so expect that if you install a current Linux system, that you may have to re-work this again in the near future, depending on your distro. of choice.

      How did I find this out? Well I was trying to install a printer that neither has nor needs CUPS support (it's actually a plotter) as a raw print device (i.e. don't touch the printstream, just spool it and send to the device), and I found that it seems nearly impossible now, and will be completely impossible when IPP support becomes the norm.

      Linux is for choice? Really?

      Another case of the developers 'knowing absolutely' what all users want!

  8. rwbthatisme
    Coat

    the spooler has always been a wide open barn door, basically by design any user can write to the directory….

    1. Anonymous Coward
      Anonymous Coward

      Microsoft trusted partners are cable of producing spooler killing software which could give access to admin privileges. I have been aware for this for 20 years. Not naming any culprits but I hear you Brother you should leaving to it the open source people and pay cups handsomely for their efforts .

      Rant over

      End of message.

  9. unccvince

    The solution to rule them all ... in that situation

    Replace the MSAD with Samba-AD, don't use a print server, use WAPT or a software and configuration deployment tool to deploy printer drivers locally.

    There is a little learning to do, but the described setup is highly scalable, horizontally (reproduce on many networks) and vertically (will work on networks of any size).

    1. Darkk

      Re: The solution to rule them all ... in that situation

      This will ONLY work if you don't have Microsoft Exchange in your domain.

      1. Anonymous Coward
        Anonymous Coward

        @"This will ONLY work if you don't have Microsoft Exchange in your domain."

        That's a feature, Madam

    2. hoola Silver badge

      Re: The solution to rule them all ... in that situation

      And where do you stand on support?

      If you have a high skills base then it may be feasible but there are reasons why people continue to use Windows, SMB or Enterprise.

      You either go complete Open Source and take your chance or you start paying for support, either though a third party or something like RedHat or SUSE. At that point are you actually any better off?

      For the SMB that only has one server they invariably have to have Windows because there will be other bits and pieces that are only supported on that OS.

      It is very easy for skilled professionals to state "switch to Linux/Samba-AD/CUPs" because it is "better/more secure/simpler". The point is it may be for them, not the person who is stuck with managing the server in the SMB because "they know about computers", or have enough understanding to keep it going.

  10. Anonymous Coward
    Anonymous Coward

    Not just domain controllers

    The one sided focus on DCs in the comments speaks volumes on the lack of working knowledge on the part of many commenters. Sure, a compromised DC is very bad news. But any server or workstation running the print spooler is vulnerable, so unless you're comfortable with that scenario mitigation is mandatory on any device, DC or not

    1. Anonymous Coward
      Anonymous Coward

      Re: Not just domain controllers

      OK, I hear you, but AFAIK it's only an issue on DCs. Desktops have enough problems on their own anyway.

      1. foxyshadis

        Re: Not just domain controllers

        Even on home/pro editions, there's a reason it's called "File **and Printer** Sharing", and people certainly do use it. The mechanics of sharing printers aren't really any different between a server and a home edition. Certainly being able to own your dad's or your coworker's PC isn't quite the win that a DC is, but it's still an extraordinary breach.

  11. Anonymous Coward
    Anonymous Coward

    I read this as yet more proof that MS have been reselling the same code/rope for years and yet presented their products as "all new" and "fixed".

    Ironic that upgrade versions of their products typically cost more than the standalone versions, meaning, to me, that MS were not content with just selling their customers the same rope over and again but actually wanted to charge the suckers more after they had already bought that code in the past

    1. stiine Silver badge
      FAIL

      So you, too, remember Mirosoft saying that more than one version of Windows was a ground-up rewrite?

      1. Anonymous Coward
        Anonymous Coward

        Yes, and we know Microsoft to be always 100% truthful, especially in its product marketing.

        /s

        1. Cliffwilliams44 Silver badge

          Backward compatibility has always been Microsoft's Achilles heel!

          This is always driven by their customer base who would scream bloody murder if their 10 Yr old ERP software does not function on the "newest Windows".

          We are currently fighting our ERP not supporting LDAPs, which they apparently have no current plan to do so,

  12. foxyshadis

    The final death knell of kernel-mode printing

    At least, I really hope this will be the end. The drivers haven't needed to exist in over a decade and were a bad idea from the beginning, and the last thing the subsystem needs is deeply vulnerable legacy support. Hopefully after this all kernel paths in the print system will be fully excised. Next up, full process isolation for each printer, not just the spooler, because drivers will still suck and will always suck.

    1. Mr Dogshit

      Re: The final death knell of kernel-mode printing

      Hang on...

      Are you saying device drivers need not run in kernel mode?

      1. foxyshadis

        Re: The final death knell of kernel-mode printing

        User Mode Driver Framework, the name for it in Windows, is almost 20 years old now and has been in production for 15 years. There are practically no new third-party kernel-mode drivers and only a handful of first-party ones, and most of those deal with virtualization; the problem is the long tail of outdated, abandoned, but supported drivers keeps the path to kernel exploit open.

        For printers, it comes down to companies abandoning software support for their copiers years or decades before the real service life of them runs out. For drivers in general, it's mostly old server hardware that no one wants to update.

  13. hayzoos

    Windows printing

    It's been a while since I have supported a Windows network so my memory may be skewed.

    I thought any Windows machine which had an application that required printing, would have to have the local print spooler active. Then any Windows machine which had a printer attached would have to have the print spooler active. And there was the possibility of a print server with no printers attached acting as a centralized print manager which had to have the print spooler active. Print spooler was active by default in a Windows installation.

    Non-traditional printing such as generic print to file or more specifically print to pdf, ps, txt, nul, xyz, cia, nsa, kgb, or whatever format or actual destination was still printing and required the spooler. Even save as pdf in some instances was implemented through the printing mechanism.

    Granted, the big prize is executing as system on a DC, and getting there in fewer steps is better understood and easier. But, executing as system on any domain member can get you the big prize with the right incantations.

  14. Steve B

    Why are the US programmers so bad?

    So you want to print on a remote PC printer.

    Set up a connection, pipe the data, close the connection.

    Simple so where does the requirement for the ability to execute code come into that?

    The possibility of the "bug" should never have existed in the first place, just very poor design and even worse programming.

    1. hayzoos

      Re: Why are the US programmers so bad?

      It's a one piece of the puzzle type of thing. A print spool no matter how implemented must accept input from any user allowed to print, i.e. write access for the user. Because of how printing has evolved, some of the "printout" may contain code intended for the printer i.e. postscript and it's close cousin PDF which further expands upon the code "features". Now all this is intended for printer control, but feature creep has the printspooler meddling with the data stream for various purposes.

      So, "modern printing" in the "age of the paperless office" is not as simple as it may seem.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like