Skip to main content
Waters Employee Login
 
Waters

Does the Windows "PrintNightmare" vulnerability impact NuGenesis? - WKB203778

  1. Last updated
  2. Save as PDF
Article number: 203778

ENVIRONMENT

  • Windows Server 2019 / 2016 / 2012 / 2008
  • Windows 10 / 8.x / 7
  • NuGenesis 9
  • NuGenesis 8
  • Security vulnerabilities in / related to the Windows Print Spooler

ANSWER

The name "PrintNightmare" encompasses multiple defects in the Windows Print Spooler service, all of which can lead to security breaches in Windows system, and which were found/disclosed publicly within a short time fame in July 2021.  These bugs does not directly impact NuGenesis software; however, some of the known mitigations can impact NuGenesis.

  1. Applying the system patches. Waters has not tested the compatibility of the Windows patches with NuGenesis software. It is expected that the patches have no impact on either the installation or the operation of the software
  2. Stopping and disabling the Print Spooler service. This method prevents any possible exploit of the service; however, it also prevents both local and remote printing. This impacts NuGenesis UNIFY, UNIFYps, Waters Image Writer, and Waters LMS PDF Printer components directly because those virtual printers use the spooler service.
  3. Disabling remote connections to the Print Spooler service. Local printers (such as NuGenesis UNIFY) will continue to print, but the service will not respond to print requests from remote machines, thus avoiding the bug. This method likely will impact UNIFYps in its ability to receive print jobs from Windows machines. Printing to UNIFYps from a Unix or Linux box is not expected to be impacted because they use the line printer protocol to receive print jobs from clients, not the Windows spooler service
  4. Enable restrictions on Point and Print via Group Policy.  Windows allows users to download and install drivers for new printers via a feature called "Point and Print".  This setting should be restricted by policy:
    1. Computer Configuration \ Administrative Templates \ Printers: "Extend Point and Print connection to search Windows Update.  Disable this policy
    2. Computer Configuration \ Administrative Templates \ Printers: "Package Point and Print - Approved servers".  Enable this policy and specify a valid server name, or enter a placeholder server name to disable Point and Print

ADDITIONAL INFORMATION

UNIFYps is NOT supported for use with Windows clients. The intent of UNIFYps is to allow customers to print from Linux/Unix machines to NuGenesis.

If the Print Spooler service is stopped on a client machine or Citrix server, then users will:

  • Not see any images of LMS document sections as printed by the Waters Image Writer
  • Not be able to print to NuGenesis UNIFY
  • Not be able to print document reports from LMS
  • Not be able to view Jasper report PDFs in LMS

Has Waters tested Empower against the PrintNightmare patch released by Microsoft?

id203778, NGLMS, NGLMSLIC, NGLMSOPT, SDMS, SDMS8, SDMS8NU, SUPISDMS, SUPNG

Not able to find a solution? Click here to request help.