CCE-99886-4Platform: cpe:/o:microsoft:windows_server_2012:- | Date: (C)2023-12-27 (M)2023-12-27 |
This policy setting controls whether computers will show a warning and a security elevation prompt when users are updating drivers for an existing connection using Point and Print.
The recommended state for this setting is: Enabled: Show warning and elevation prompt.
Enabling Windows User Account Control (UAC) for updating existing print drivers can help mitigate the PrintNightmare vulnerability and other Print Spooler attacks.
Although the Point and Print default driver installation behavior overrides this setting, it is important to configure this as a backstop in the event that behavior is reversed.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Printers\Point and Print Restrictions: When updating drivers for an existing connection
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!UpdatePromptSettings
Parameter:
[Show warning and elevation prompt/Show warning only]
Technical Mechanism:
(1) GPO: Computer Configuration\\Administrative Templates\\Printers\\Point and Print Restrictions: When updating drivers for an existing connection
(2) REG: HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint!UpdatePromptSettings
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.5 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 3.6 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | Scope: UNCHANGED |
| Confidentiality: NONE |
| Integrity: NONE |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:96111 |