On Tuesday, Microsoft released 60 updates and fixes as part of their monthly Patch Tuesday updates. These updates included a fix for the last remaining PrintNightmare vulnerability. However, instead of fixing the problem, Microsoft seems to have dropped the ball here as numerous system admins are reporting wide-scale network printing problems after the update.
The update on Tuesday included a patch for CVE-2021-36958, the last remaining PrintNightmare vulnerability. The bug first surfaced in July this year and allowed attackers to gain admin access and run arbitrary code on a Windows PC by exploiting the Print Spooler service.
Microsoft was quick to issue a fix and has been working on patching any other loopholes ever since. However, users have reported that they can no longer print to network computers after the new updates.
Microsoft has had to make significant changes to the entire Point, and Print feature and the way drivers are installed from a print server to patch this vulnerability. The changes include requiring admin privileges to install printer drivers via the feature.
The company has also incorporated registry settings that allow disabling the changes, making computers vulnerable once again. The changes can be configured by modifying the registry key at the following path.
According to security researcher Benjamin Delpy, the latest fix introduced changes that automatically block the CopyFiles directive print driver feature. WHich means that if printers in your organisation use this directive, they’re likely to not work after the latest update.
Network printers from just about every manufacturer for Type 3 and Type 4 drivers seem to be impacted. The updates causing problems are as follows.
- KB5005606 (Windows Server 2008)
- KB5005618 (Windows Server 2008)
- KB5005623 (Windows Server 2012)
- KB5005607 (Windows Server 2012)
- KB5005613 (Windows Server 2012 R2)
- KB5005627 (Windows Server 2012 R2)
- KB5005568 (Windows Server 2019)
- KB5005615 (Windows 7 Windows Server 2008 R2)
- KB5005565 (Windows 10 2004, 20H2, and 21H1)
- KB5005566 (Windows 10 1909)
- KB5005573 (Windows Server 2016) (H/T Bill Ruys, North Cloud)