After installing updates (e.g. KB5004945, KB5003690, KB5004760), some of them dedicated to closing the vulnerabilities in the print spooler service, systems with label printers from Zebra and Dymo experienced printing issues: printing was no longer possible. Until now, the only option was to uninstall the relevant update or try to print directly via USB. Based on the feedback, however, Microsoft has now responded and provided a fix for this problem, which is caused by several updates, via the KIR function available in Windows 10 version 2004 and later.
Remote Code Execution (RCE) vulnerability CVE-2021-1675 (as well as other vulnerabilities) exists in the Windows Print Spooler service in all versions of Windows. These vulnerabilities allow attackers to execute arbitrary code with SYSTEM privileges. Through an unintentionally published proof of concept (PoC), there have already been initial attacks on the vulnerability.
I had reported early on the vulnerability in the blog post PoC for Windows Print Spooler Vulnerability Public, High RCE Risk. Then, as of July 6 and 7, 2021, Microsoft released unscheduled updates for supported versions of Windows (see articles below).
Theoretically, special updates to close the Remote Code Execution (RCE) vulnerability CVE-2021-1675 are therefore available for all supported Windows versions – including server counterparts.
Updates cause issues with Zebra/Dymo printers
The problem with this approach, however, is that there's lots of collateral damage, from installation problems to BlueScreens to striking printers. I had covered this in the blog post The Chaos PrintNightmare Emergency Update (July 6/7, 2021). In particular, administrators of Zebra and Dymo label printers had the problem that after installing the updates in question, printing was no longer possible under Windows 10. Two options came to my attention as a solution:
- Uninstalling the special update to be able to print again
- Run the label printer locally on the client and if necessary try to uninstall and then reinstall the printer driver.
Whether the second solution works, you have to test – German blog reader Bolko pointed out the issue in this comment.
Windows 10 fix via Known Issue Rollback (KIR)
Microsoft confirmed the problem with the label printers a few hours ago in the Windows 10 2004-21H1 health dashboard, as well as in the support article for KB5004945 with a separate entry under Known Issues, and writes in the status area:
After installing KB5003690 or later updates (including out of band updates, KB5004760 and KB5004945), you might have issues printing to certain printers. Most affected printers are receipt or label printers that connect via USB.
Most interesting to me is Microsoft's note that the printing problem has nothing to do with the vulnerabilities fixed by the special updates. So the problem goes back to the preview update KB5003690 from June 21, 2021 and was also carried along in the out-of-band update KB5004760, which was released to correct PDF problems. The Known Issues section of the support article for KB5004945 also states:
After installing this update, you might have issues printing to certain printers. Most affected printers are receipt or label printers that connect via USB.
Microsoft cites Windows 10 version 2004 to 21H1 as clients and Windows Server version 2004 and 20H2 as affected. In the Windows 10 2004-21H1 health dashboard as well as in the support article for KB5004945, Microsoft states that they have a solution:
This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster.
The problem is automatically fixed under Windows 10 by rolling back the affected feature via the KIR function. However, this only applies to systems updated via Windows Update and Windows Update for Business (see the following note).
Note: I described the Known Issue Rollback (KIR) feature in the post Windows 10 2004-20H2: Office memory or media error when opening documents fixed. It allows Microsoft to automatically roll back a fix for identified problems. This disables the problematic fix and re-enables the saved previous code, so it does not uninstall the entire update. Many details can be read in this Microsoft post. It is important to know, however, that Microsoft only uses KIR for problems with non-security-critical updates. Also, KIR is only available on Windows 10 2004 and later, and is only used on systems that receive updates via Windows Update or Windows Update for Business.
On managed systems, Microsoft provides special group policies for KIR. Microsoft writes about this issue in the Known Issues solution:
For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy. Note: Devices need to be restarted after configuring the special Group Policy. For help, please see How to use Group Policy to deploy a Known Issue Rollback. For general information on using Group Policies, see Group Policy Overview.
So for managed systems, Microsoft provides a special Group Policy via the above link to perform the Known Issue Rollback. For details, see the linked articles.
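To work out which of the two paths described above applies to a given machine, the following PowerShell triage script can be run locally. It is an added example, not code from Microsoft or from this blog; the KB numbers and version range come from the article, while treating a WSUS policy setting as the sign of a managed device is an assumption.

```powershell
# Added triage example (not from Microsoft or the blog author).
# KB numbers and the affected version range are taken from the article text.
$affectedKbs = 'KB5003690', 'KB5004760', 'KB5004945'

# Windows 10 / Windows Server 2004, 20H2 and 21H1 report builds 19041-19043.
$build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber
$inAffectedRange = ($build -ge 19041) -and ($build -le 19043)

# Get-HotFix raises an error for IDs that are not installed, so suppress it.
# Caveat: later cumulative updates supersede these KBs and still carry the
# change, so an empty result does not prove the system is unaffected.
$installed = @(Get-HotFix -Id $affectedKbs -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty HotFixID)

# Assumption: a device counts as "managed" when policy points it at WSUS.
# Devices on Windows Update / Windows Update for Business receive KIR automatically.
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$au = Get-ItemProperty -Path $auKey -Name UseWUServer -ErrorAction SilentlyContinue
$usesWsus = $au.UseWUServer -eq 1

# The spooler state is reported because the affected printers depend on it.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue

$path = if (-not $inAffectedRange) {
    'Build outside 2004-21H1: the issue as described does not apply'
} elseif ($usesWsus) {
    'Managed device: deploy the KIR Group Policy, then restart'
} else {
    'Windows Update / WUfB: KIR applies automatically (up to 24 hours); restart to speed it up'
}

[pscustomobject]@{
    Build             = $build
    InAffectedRange   = $inAffectedRange
    AffectedKbsFound  = $installed -join ', '
    UsesWsus          = $usesWsus
    SpoolerStatus     = $spooler.Status
    RecommendedAction = $path
}
```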
Patchday: Windows 10-Updates (June 8, 2021)
PoC for Windows print spooler vulnerability public, high RCE risk
Windows Print Spooler Vulnerability (CVE-2021-1675, PrintNightmare) Confirmed by MS; CISA Warns
0Patch Micropatches for PrintNightmare Vulnerability (CVE-2021-34527)
Out-of-Band Update closes Windows PrintNightmare Vulnerability (July 6, 2021)
PrintNightmare out-of-band update also for Windows Server 2012 and 2016 (July 7, 2021)
The Chaos PrintNightmare Emergency Update (July 6/7, 2021)
Windows 10: Microsoft fixes Zebra & Dymo printer issues caused by update (e.g. KB5004945) via KIR
Microsoft on PrintNightmare vulnerability CVE-2021-34527: Windows is secure after patch