Windows Updates Might Break Printing, Again
Microsoft has warned that with the upcoming Windows updates, a temporary fix provided a year ago to address Windows Server printing issues will be removed which could break printing.
The July 2021 security update for Windows domain controllers caused printing to break on several Windows Server versions. This issue affects printers, scanners and multifunction printers that are non compliant CVE-2021-33764 hardening changes.
“Starting on July 21, 2022, this temporary mitigation will not be usable in security updates. The Windows July 2022 preview update will remove the temporary mitigation and will require compliant printing and scanning devices,” said Microsoft.
Microsoft stated that “The affected devices are smart card authenticating printers, scanners, and multifunction devices that don’t support either Diffie-Hellman (DH) for key-exchange during PKINIT Kerberos authentication or don’t advertise support for des-ede3-cbc (‘triple DES’) during the Kerberos AS request,” they also said that “Smartcard-authenticating printers and scanners must be compliant with section 3.2.1 of the RFC 4556 specification required for CVE-2021-33764 after installing these updates or later on Active Directory domain controllers.”
Thankfully microsoft said that any smart card authenticating devices will work unaffected by the issue provided they are using username and password authentication. Admins are advised to check their logs on their Active Directory DCs to identify RFC-4456 incompatible printers.