PATCH WATCH By Susan Bradley Is Print Nightmare finally fixed? The August updates are out and finally include a fix for the fix for the earlier fix fo
[See the full post at: Is it safe to print again?]
Susan Bradley Patch Lady/Prudent patcher
![]() |
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
Home » Forums » Newsletter and Homepage topics » Is it safe to print again?
PATCH WATCH By Susan Bradley Is Print Nightmare finally fixed? The August updates are out and finally include a fix for the fix for the earlier fix fo
[See the full post at: Is it safe to print again?]
Susan Bradley Patch Lady/Prudent patcher
The August update, in combination with the PrintNightmare/Point and Print GPO (Detailed here: https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7) , has broken printing across our environment, prompting for admin credentials the first time a print job is sent to each installed printer.
What a printing nightmare, especially when no users have admin rights.
And no, we’re not permitted to roll back the GPO due to compliance reasons.
Ack! No one in the office can print without reinstalling drivers. Fortunately, there are “only” 21 PCs, so I won’t be doing this all day. Also fortunately, I can connect remotely and re-install the printer drivers without having to incur user’s wrath. Unfortunately, they need me to enter my admin credentials to re-install the same driver that I installed months ago. It woulda been nice if users could have installed the driver from the server themselves – some of them have learned how it’s done.
The only time I would ever trust a downloaded printer driver at the time I am printing something is if it came from a known source on my own network. It’s hard to believe Microsoft thought it was a good idea to allow a website you visit to install a printer driver on your computer. The only way that should be allowed is (1) if you knowingly opt-in to that functionality, and (2) if you say yes to two prompts: “This sort of thing can be dangerous” and “Are you SURE?”.
It’s hard to believe Microsoft thought it was a good idea to allow a website you visit to install a printer driver on your computer.
They didn’t. Just domain print servers:
Point and Print is a term that refers to the capability of allowing a user on a Windows 2000 and later client to create a connection to a remote printer without providing disks or other installation media. All necessary files and configuration information are automatically downloaded from the print server to the client.
Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge
I would like to ask a question, where did UAC go?
Isnt this exactly the case, where it should have pop up and protect the user against attackers?
I mean.. most users put the UAC slider as low as possible, bucause its annoying to click on the Yes sometimes, but this should be exactly the case, where UAC should have raise the question.
“Do you really want to install this driver from the webpage?” for example.
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
You may find this interesting — a discussion of the changes Microsoft made to UAC from the initial implementation in Vista. There are really only two effectively distinct settings for the UAC slider
Firefox 91 – You can still maintain the look and feel of the classic Firefox interface in Firefox 91 and do not have to resort to the ESR versions. I don’t pretend this is for the faint of heart, but I’m not a programmer at all and was able to make this work.
First make a complete backup of your Firefox profile before attempting this. If it fails, you’ll want to restore this profile.
Just go to https://github.com/Aris-t2/CustomCSSforFx where you can click on the link “Classic.” There you can download the “userchrome.css” file (or use the one I’ve uploaded to this posting – just change the file name to userchrome.css). Unfortunately, you can’t just download the file (why make it easy for us?). You’ll need to paint and copy the entire file to a text file on your computer — and name the file userchrome.css. If you replace the userchrome.css file in your Firefox profile with this one, you can restore the classic Firefox interface.
This file is built on the old add-ons <span class=”pl-c”>Classic Theme Restorer & Classic Toolbar Buttons. You can activate specific lines by deleting the “/” at the beginning of a line. Among a slew of customizations you can make to the classic Firefox interface this css file provides, you can move the bookmarks toolbar above your tabs as the gods originally intended. You can control the toolbar buttons, customize back and forward buttons, tab appearance and position, and customize a slew of other interface features.</span>
Note the instruction in the file to enable this preference or custom styles will not be loaded:
about:config > toolkit.legacyUserProfileCustomizations.stylesheets > true
I stress, however, make a backup of your Firefox profile before replacing the existing userchrome.css file and keep a backup of the userchrome.css file you download from GitHub. You will need to experiment — a lot — with the changes you make to this customized userchrome.css file. Keep very close track of the changes you make so you can reverse those you don’t like. It takes some time, but you can use this to make Firefox look the way you want as Mozilla updates the browser again and again.
If I was able to make this work, anybody who reads AskWoody can.
We applied the patch to our working stations and VMs some weeks ago. Since that, printing began to be little bit annoying, since there were some changes because of PrintNightmare vunerability. I can see the KB5005033 installed on affected machines.
Some users are not able to print anything, because the printer needs updating the driver and thats not possible without admin rights now.. OK, but the interesting fact is, that:
++ they cant upgrade the driver, unless they enter admin credentials
++ but they can remove the printer
++ and then they can add the printer (with correct driver) by doubleclicking on the desired printer from the printserer without admin rights. No admin login required.
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
I’m just seeing that there is a NEW printer vulnerability Microsoft has published, with no patch out there for it yet.
Microsoft’s recommendation: Disable Print Spooler on ANY machine.
Yeah, nice one, Microsoft…
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958
No matter where you go, there you are.
The Windows print nightmare continues for the enterprise | Computerworld
The August updates are causing issues for group policy deployed printers where you have v3 printer drivers installed. 5005033 is also impacted.
Susan Bradley Patch Lady/Prudent patcher
Is this issue fully solved now? Cant find any info on MSFT web.
Its quite old bug and all we get is admin prompt for standard users denying printing on some printers. While the vulnerability still exists?
Apart of Zebra printers, we get the prompt also with HP and Konica Minolta.
I would expect, that printers mapped directly from domain printserver were considered safe, but obviously its not the case 🙂
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
I would not say, that they dont care, maybe its bigger problem, than anticipated. I think its fairly complicated issue. Cant find, if Windows 11 is affected too. I wonder if Win11 are immune to this.
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.