There’s now a manual workaround to fix the important all-Windows ‘PrintNightmare’ security hole, at least for domestic and standalone PC users who don’t need to print over a network.

See the official Microsoft Workarounds / Option 2.

Stop the Print Spooler as a Service.
Change the PC’s Group Policy to block “inbound remote printing operations”.
Restart the Print Spooler.

This will “will block the remote attack vector”. Yup, it seems the fix is that easy.

Update: Cancel that. Ten days later and another hole has been found, which for now means that the Windows Print Spooler service should be stopped totally even on domestic and standalone PCs.