CVE-2021-1675 (PrintNightmare) vulnerability is critical and should be addressed immediately, as a patch is not yet available. A regular domain user can easily take over the entire Active Directory domain. How to keep your print servers running, until a patch is available ? Restricting the ACLs. This is not a perfect solution, but until a patch is available.

https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/