Microsoft has been dealing with printer-related issues for a while now. This year alone, they began with the March update that caused a blue screen of death (BSOD) when trying to print, and continued more recently with the PrintNightmare Print Spooler service vulnerability. And Microsoft's troubles aren't stopping there.
Today, the firm has confirmed that its recent July security update, KB5004237, which was released on July 13, is causing printing problems on certain systems that use smart cards for user authentication. This time, alongside printing problems, scanning on such systems may also not work.
According to the Redmond firm, the KB5004237 July 13 cumulative update fixed printing problems on printers connected via USB. However, it seems the update has also introduced a new bug as a result of the changes made to address the CVE-2021-33764 vulnerability. This is causing the new issue on Domain Controller servers, which act as gatekeepers responsible for handling such authentication requests.
It has been noted, however, that while smart card authentication may fail, username and password authentication should work without issue. Here's how Microsoft has described the problem:
After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices which are not compliant with section 3.2.1 of RFC 4556 spec, might fail to print when using smart-card (PIV) authentication.
The problem has been detailed a bit more under KB5005408, which explains that client printers and scanners must be compliant with either of the following:
- Use Diffie-Hellman for key-exchange during PKINIT Kerberos authentication (preferred).
- Both support and notify the KDC of their support for des-ede3-cbc ("triple DES").
Here, KDC refers to a Key Distribution Center.
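For administrators auditing devices, the two conditions above can be checked against the AuthPack structure a client sends during PKINIT, as defined in RFC 4556. The Python below is an added example, not code from Microsoft or the original article; it assumes the AuthPack DER has already been extracted from the request's CMS SignedData, that the conditions map to the `clientPublicValue` and `supportedCMSTypes` fields, and all sample bytes are constructed.

```python
# Added example: audit a DER-encoded PKINIT AuthPack (RFC 4556) for the two
# conditions listed above. Sample inputs at the bottom are constructed.
DES_EDE3_CBC = bytes.fromhex("2a864886f70d0307")  # OID 1.2.840.113549.3.7

def tlv(tag, body=b""):
    return bytes([tag, len(body)]) + body  # sample builder, short lengths only

def children(data):
    """Yield (tag, value) for each DER TLV in data; ValueError if malformed."""
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, n = data[i], data[i + 1]
        i += 2
        if n & 0x80:  # long-form length: low 7 bits give the byte count
            k = n & 0x7F
            if k == 0 or i + k > len(data):
                raise ValueError("bad length encoding")
            n = int.from_bytes(data[i:i + k], "big")
            i += k
        if i + n > len(data):
            raise ValueError("truncated TLV value")
        yield tag, data[i:i + n]
        i += n

def audit_authpack(der):
    """Return (uses_dh, advertises_3des, compliant) for one AuthPack."""
    top = list(children(der))
    if len(top) != 1 or top[0][0] != 0x30:
        raise ValueError("not a single DER SEQUENCE")
    fields = dict(children(top[0][1]))
    uses_dh = 0xA1 in fields                       # clientPublicValue [1]
    oids = []
    if 0xA2 in fields:                             # supportedCMSTypes [2]
        for _, seq_of in children(fields[0xA2]):   # SEQUENCE OF
            for _, alg in children(seq_of):        # AlgorithmIdentifier
                oids += [v for t, v in children(alg) if t == 0x06]
    has_3des = DES_EDE3_CBC in oids
    return uses_dh, has_3des, uses_dh or has_3des

# Constructed samples; pkAuthenticator and key contents are empty placeholders.
PKAUTH = tlv(0xA0, tlv(0x30))
ALG_3DES = tlv(0x30, tlv(0x06, DES_EDE3_CBC))
ALG_AES256 = tlv(0x30, tlv(0x06, bytes.fromhex("60864801650304012a")))
DH_ONLY = tlv(0x30, PKAUTH + tlv(0xA1, tlv(0x30)))
RSA_3DES = tlv(0x30, PKAUTH + tlv(0xA2, tlv(0x30, ALG_AES256 + ALG_3DES)))
RSA_NO_3DES = tlv(0x30, PKAUTH + tlv(0xA2, tlv(0x30, ALG_AES256)))
```

A device whose requests look like `RSA_NO_3DES` is the kind that would need a firmware or driver update from its manufacturer.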
The Windows platforms affected by this issue are:
- Client: Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Microsoft has said that it's investigating the issue and will provide a temporary workaround. For people having problems, the company has asked them to update the necessary drivers and firmware and to consult the device manufacturers when needed. You may find more details about the problem on the company's official page.