[German]As of October 12, 2021, Microsoft has addressed new vulnerabilities in the environment of the security holes known as PrintNightmare via update. Therefore, a short look at the issue in question, which is still not off the table. In addition, it crystallizes that the October 2021 update for Windows will once again cause printing problems for network printers. There is a rough overview of this as well. Addition: Microsoft has just confirmed certain printing problems.
Printing issues after October 2021 update
Windows updates from October 12, 2021 lead to new printing problems for some users. Update KB5006670 for Windows 10 version 2004 through 21H1 breaks the ability to print from a client to a Windows server. Blog reader Christian addressed it in this comment: Kb5006670 installed on clients causes inability to print from a server. On my German blog post Patchday: Windows 10-Updates (12. Oktober 2021) (here is the English version: Patchday: Windows 10-Updates (October 12, 2021)), there were also a number of other feedbacks about printing problems. German reader Liam addressed the issue in this comment:
Has anyone had problems with network printers installed on a server after the KB5006670 update? Printers could not be reinstalled because they were asked for credentials. Even with correct input no chance. Uninstalled the update and the connection worked immediately :)
The problem is confirmed by other readers. Blog reader Marco points out in this comment that according to his experience it currently only affects computers in workgroups without Actice Directory integration. He writes the following about it:
So far the only workaround is to uninstall the update completely or to replace the win32spl.dll in the System32 folder with an older one (for example with the September version 10.0.19041.1237. In the Bleeping Computer forum you can find a script to easily replace the DLL. You have to adjust the "icacls" line in the script for a German Windows and use "administrators" instead of "builtin\administrators".
Note, that the initial script has been updates, see the whole forum thread linked above
Maybe this helps someone – although the exchange of DLLs in enterprise environments is rather not so yellow of the egg. The registry entries listed in the blog post Windows PrintNightmare: Status, issues and workarounds (Sept. 22, 2021) don't seem to work this time.
Microsoft confirms printing issues
Microsoft has just confirmed certain printing problems in the Windows status area in various Know-Issues sections. The article Custom printing properties might not be correctly provided to print server clients states:
After installing KB5005611 on a print server, printing properties defined on that server might not be correctly provided to clients. Note this issue is specific to print servers and does not impact standard network printing. This issue will not cause printing operations to fail, however, custom settings defined on the server – for example, duplex print settings – will not be applied automatically, and clients will print with default settings only.
This issue results from an improper building of the data file which contains the printer properties. Clients which receive this data file will not be able to use the file content and will instead proceed with default printing settings. Clients who have previously received the settings package prior to the installation of KB5005611 are unaffected. Servers which use default print settings and have no custom settings to provide to clients are unaffected.
Note: The printer connection methods described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.
Workaround: IT administrators with admin privileges can still install printer drivers on the client through other means, such as copying packaged drivers from a known good package location. Additionally, clients can still be modified manually to adopt desired printer settings.
The problem affects all Windows clients from Windows 7 SP1 to Windows 10 21H1, as well as the respective server pedants. The page also lists the error Installation of printers via Internet Printing Protocol (IPP) might not succeed.
After installing KB5005565, installation of printers using Internet Printing Protocol (IPP) might not complete successfully. Devices which had connected to and installed the printer prior to the installation of KB5005565 are unaffected and print operations to that printer will succeed as usual.
This issue affects Windows 10 clients 21H1, 20H2, 2004, 1809, 1909, and Windows 11 21H2, and Windows Server 20H2, 2004, 1809, 1909, and 2022.
PrintNightmare fixes from October 2021
For cumulativen Update KB5006672 for Windows 10 Version 1809, Microsoft explicitly stated that a problem with deploying drivers for Internet printers was corrected (see also Patchday: Windows 10-Updates (October 12, 2021)). In the KB5006675 update for the RTM version of Windows 10, on the other hand, the group policy setting for Point-and-Print (RestrictDriverInstallationToAdministrators) was implemented for the first time.
Addresses an issue that prevents an internet print server from properly packaging modified printer properties before sending the package to the client.
I also received an email from security vendor Tenable informing me that Microsoft has again closed a spoofing vulnerability CVE-2021-36970 with the Windows updates in Windows 7 to Windows 10 as well as the server counterparts as of October 2021.
The latest release includes a fix for CVE-2021-36970, a spoofing vulnerability in Microsoft's Windows Print Spooler. Researchers XueFeng Li and Zhiniang Peng of Sangfor discovered this vulnerability. They are also credited with the discovery of CVE-2021-1675, one of two vulnerabilities known as PrintNightmare. Although no details about the vulnerability have been disclosed yet, it is definitely something to keep an eye on as more and more Print Spooler-related vulnerabilities were patched over the summer. At the same time, ransomware groups started to include PrintNightmare in their affiliate playbook. We strongly recommend that organizations apply these patches as soon as possible. Microsoft also patched the CVE-2021-40449 vulnerability, a vulnerability in Win32k that allows elevation of privilege. According to reports, this vulnerability has already been exploited by attackers as a zero-day. It is not uncommon for zero-day vulnerabilities with elevated privileges to be patched on Patch Tuesday. These vulnerabilities are most valuable in post-compromise scenarios when an attacker has gained access to a target system by other means to execute code with elevated privileges.
This means that administrators have the choice between plague and cholera: either not being able to print or uninstalling the security updates from October 2021 again.
PoC for Windows print spooler vulnerability public, high RCE risk
Windows Print Spooler Vulnerability (CVE-2021-1675, PrintNightmare) Confirmed by MS; CISA Warns
0Patch Micropatches for PrintNightmare Vulnerability (CVE-2021-34527)
Out-of-Band Update closes Windows PrintNightmare Vulnerability (July 6, 2021)
PrintNightmare out-of-band update also for Windows Server 2012 and 2016 (July 7, 2021)
The Chaos PrintNightmare Emergency Update (July 6/7, 2021)
Windows 10: Microsoft fixes Zebra & Dymo printer issues caused by update (e.g. KB5004945) via KIR
Microsoft on PrintNightmare vulnerability CVE-2021-34527: Windows is secure after patch
Patchday: Windows 10-Updates (July 13, 2021)
Patchday: Windows 8.1/Server 2012-Updates (July 13, 2021)
Patchday: Updates für Windows 7/Server 2008 R2 (July 13, 2021)
Windows vulnerability PrintNightmare: It's not over yet (July 15, 2021)
Microsoft Defender for Identity can detect PrintNightmare attacks
PrintNightmare: Point-and-Print allows installation of arbitrary files
0patch fix for new Windows PrintNightmare 0-day vulnerability (Aug. 5, 2021)
Windows PrintNightmare, next round with CVE-2021-36958
Ransomware gang uses PrintNightmare to attack Windows servers
Vice Society: 2. Ransomware gang uses Windows PrintNightmare vulnerability for attacks
Microsoft shows a "slim foot" with PrintNightmare
Windows: PrintNightmare wrap-up and status (August 28, 2021)
Patchday Sept. 2021 Review: New PrintNightmare fix, new issues, new desaster?
Windows PrintNightmare: Microsoft confirms printing problems after Sept. 2021 update
Windows September 2021 Update: Workaround for some printing issues
Windows PrintNightmare: Status, issues and workarounds (Sept. 22, 2021)
Tip: Windows PrintNightmare test tools for administrators
Cookies helps to fund this blog: Cookie settings