Windows 10 has yet another printer problem, but only a small number of devices are affected. Microsoft recently delivered a patch that fixed the PrintNightmare vulnerability. However, it appears the July cumulative update has brought in some more printing problems of its own. The Windows maker has confirmed the following known issue for Build 19043.1110 (KB5004237):
After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices which are not compliant with section 3.2.1 of RFC 4556 spec, might fail to print when using smart-card (PIV) authentication.
Microsoft further explains:
On July 13, 2021, Microsoft released hardening changes for CVE-2021-33764. This might cause this issue when you install updates released July 13, 2021 or later on a domain controller (DC). The affected devices are smart card authenticating printers, scanners, and multifunction devices that don’t support DH or advertise support for des-ede3-cbc (\”triple DES”) during the Kerberos AS request. Per section 3.2.1 of RFC 4556 spec, for this key exchange to work, the client has to both support and notify the key distribution center (KDC) of their support for des-ede3-cbc (\”triple DES”). Clients who initiate Kerberos PKINIT with key-exchange in encryption mode but neither support nor tell the KDC that they support des-ede3-cbc (\”triple DES”), will be rejected.
Microsoft has advised to verify that you are using the latest firmware and drivers available for your device if you encounter this issue with your printing or scanning devices. If the firmware/driver is up-to-date and you still face this problem, the Windows maker suggests contacting the device manufacturer.
\”Ask if a setting or configuration change is required to bring the device into compliance with the hardening change or if a compliant update will be available,\” the company added.
The issue impacts Windows 8.1 and Windows 7, along with the following versions of Windows 10:
- Latest Windows 10, version 21H1
- Windows 10, version 20H2
- Windows 10, version 2004
- Version 1909
- Version 1809
- Windows 10 Enterprise LTSC 2019
- Windows 10 Enterprise LTSC 2016
- Windows 10, version 1607
- Windows 10 Enterprise 2015 LTSB
- Windows 8.1
- Windows 7 SP1
- Server: Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Microsoft is working on a temporary mitigation for this latest Windows 10 printing bug to enable affected devices to be able to print and scan until the device manufacturers release compliant firmware and drivers for their devices. For more details, check out this support page.
– Relevant: Microsoft Confirms the Last W10 Feature Update