There’s now a manual workaround to fix the important all-Windows ‘PrintNightmare’ security hole, at least for domestic and standalone PC users who don’t need to print over a network.

See the official Microsoft Workarounds / Option 2.

Stop the Print Spooler as a Service.
Change the PC’s Group Policy to block “inbound remote printing operations”.
Restart the Print Spooler.

This will “will block the remote attack vector”. Yup, it seems the fix is that easy.

Although… some versions of Windows do not have the required Group Policy Editor. In that case AskVG has instructions for Home users.

Update: Cancel that. Ten days later and another hole has been found, which for now means that the Windows Print Spooler service should be stopped totally even on domestic and standalone PCs. From some software you may still be able to “Save as PDF” but not always. There’s now a massive commercial opportunity for someone to develop a way to print on Windows, without the Windows Print Spooler service being active. Someone is going to make millions from that, as Microsoft doesn’t seem to be interested in the possibility.