Microsoft warns new Windows updates can cause printer errors

Microsoft has officially issued a warning that an optional preview update released last week may cause printer errors.

The reason is that the temporary mitigation feature that was provided a year ago to address Windows Server printing on non-compliant devices will be removed.

Last year, Microsoft reported an issue that could cause print and scan errors on multiple versions of Windows Server after installing the July 2021 security update on a Windows domain controller.

This known issue affects printers, scanners, and multifunction devices that do not comply with the enhanced changes CVE-2021-33764 and use smart card authentication (PIV).

"The affected devices are printers, scanners and smart card authentication multifunction devices that do not support Diffie-Hellman (DH) for key exchange during PKINIT Kerberos authentication or do not support des- ede3-cbc (triple DES) in the Kerberos AS request," Microsoft explains.

Microsoft warns new Windows updates can cause printer errors Picture 1 Microsoft warns new Windows updates can cause printer errors Picture 1

Fortunately, according to Microsoft, all affected smartcard authentication devices are still functional and unaffected if username/password authentication is used.

In the middle of last week, Microsoft said that the temporary fix has now been disabled by this week's optional preview updates on Windows Server 2019 systems. This change will result in printing and scanning errors in the environment. Windows with non-compliant devices.

"Starting July 21, 2022, this temporary mitigation will not be available in security updates. The Windows July 2022 preview update will remove the temporary mitigation and will require compliant printing and scanning devices," Microsoft said.

Temporary mitigations will also be removed on all affected versions of Windows Server (Windows Server 2019, 2016, 2012 and 2008) with next month's Patch Tuesday security updates, scheduled for release on September 9. August 2022.

"All updates released on this date or after will not be able to use the temporary mitigations feature," Microsoft explains.

"Smart card authentication printers and scanners must comply with section 3.2.1 of the RFC 4556 specification required for CVE-2021-33764 after installing these updates or later on an Active domain controller Directory".

To find non-compliant devices that will fail to authenticate after installing Windows DC updates in July 2022 or later, Admins should check the logs on their Active Directory DCs for events. RFC-4456 incompatible printer identification event was added after the Windows Server February 2022 updates were deployed.