News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • MS-DEFCON 2: Print Nightmare causes printing nightmares

    Home Forums AskWoody blog MS-DEFCON 2: Print Nightmare causes printing nightmares

    Viewing 16 reply threads
    • Author
      Posts
      • #2376251
        Susan Bradley
        Manager

        ISSUE 18.25.1 • 2021-07-07 PATCH WATCH By Susan Bradley Microsoft has released an emergency update for a Print Spooler vulnerability. Consumer and hom
        [See the full post at: MS-DEFCON 2: Print Nightmare causes printing nightmares]

        Susan Bradley Patch Lady

        3 users thanked author for this post.
      • #2376269
        MHCLV941
        AskWoody Plus

        Microsoft missed the Dymo printers this time?   I hope!!!

      • #2376282
        techweenie
        AskWoody Lounger

        That patch has already been exploited.  It’s effectively useless if you use Point and Print.

        Linky

      • #2376266
        anonymous
        Guest

        Susan,

        This saved me from deploying to desktops with attached Zebra printers. Thank you!

        Re. servers, it sounds like you’re saying Print Spooler isn’t needed? I have e.g. Essentials 2012R2 and 2016 servers (which include AD) running Print Management. The printers are shared through the server. Isn’t Print Spooler needed for them? Fortunately in that case, no Zebras involved. Shouldn’t I patch those servers ASAP?

      • #2376285
        anonymous
        Guest

        Windows 10 Pro x 64

        I am a home user who chose the Pro version for greater control over updates. I have a wireless printer setup (Epson Eco Tank). The options referenced in the out of band MS link in the main post seemed to imply that both “fixes” disable remote printing.

        Could you please explain, in lay terms, what I need to do as a home user of the Pro version. Should I be concerned about this exploit? My printer is on only when I need to use it.

        Thanks!

        1 user thanked author for this post.
        • #2376289
          Susan Bradley
          Manager

          The options (those registry keys) are only needed in a network environment. I see this as a bigger threat to firms than home users at this time. If I change my mind, I’ll let you know.

          Susan Bradley Patch Lady

          2 users thanked author for this post.
          • #2376294
            anonymous
            Guest

            Thank you. I went ahead and disabled the Print Spooler through Group Policy. I can still print wirelessly.

      • #2376298
        Susan Bradley
        Manager

        Shawn reports on the patchmanagement.org list:  I have two clients that have had problems with QuickBooks POS 19 detecting the Ingenico PIN Pad 350 (iPP350) after installing the
        kb5004945 update. Removing the update and restarting allows the pin pad
        to be detected and function again.

        Susan Bradley Patch Lady

      • #2376322
        MHCLV941
        AskWoody Plus

        The options (those registry keys) are only needed in a network environment. I see this as a bigger threat to firms than home users at this time. If I change my mind, I’ll let you know.

        Home networks are pretty common these days and at least some of them use network printing, either because a printer is attached to one PC and shared for other machines to use or because the printer itself is on the network and all the machines talk to it directly.

        For that matter, if I disable the print spooler on my PC, none of my printers, directly connected, networked, even virtual (like CutePDF) are accessible.   I read a note from Microsoft about selecting “Print directly to printer” but that does not work with a Dymo printer connected directly to my computer.

        IS there a way to print without having the print spooler running?

         

         

      • #2376371
        gborn
        AskWoody_MVP

        I’ve compiled an overview of the chaos, the out-of-band PrintNightmare patches are creating.

        The Chaos PrintNightmare Emergency Update (July 6/7, 2021

        Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

        https://www.borncity.com/win/

        3 users thanked author for this post.
      • #2376374
        MrToad28
        AskWoody Lounger

        This warning specifically names ‘Zebra Label Printers’ as having critical risk. I don’t have a zebra..just HP printers…Does that mean I don’t need to address this?

        Thanks

        • #2376377
          b
          AskWoody MVP

          This warning specifically names ‘Zebra Label Printers’ as having critical risk.

          It doesn’t. The patch breaks Zebra Label Printers.

          I don’t have a zebra..just HP printers…Does that mean I don’t need to address this?

          No.

          Windows 10 Pro version 21H2 build 19044.1149 + Microsoft 365 (group ASAP)

          1 user thanked author for this post.
      • #2376413
        Alex5723
        AskWoody Plus

        The patch breaks Zebra Label Printers

        And not for the first time.

      • #2376503
        Graham
        AskWoody Plus

        0Patch has fixes for this (I haven’t verified their effectiveness.)

      • #2376502
        anonymous
        Guest

        Left my W10 machines idling, while I did some chores.
        Downloaded & Installed to all machines.
        Apparently no problems; but then, what’s a soft-connect label maker, printer anyway ?

      • #2376537
        Coldheart9020
        AskWoody Lounger

        Will sit KB5004945 out and wait for Patch Tuesday next week. I’m not even going to bother hiding it as it will be automatically superseded and removed by the B week 2021-07 CU.

      • #2376548
        Alex5723
        AskWoody Plus

        Microsoft: Our PrintNightmare patch is effective, you’re just using Windows wrong

        …Our investigation has shown that the OOB security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare. All reports we have investigated have relied on the changing of default registry setting related to Point and Print to an insecure configuration….

        1 user thanked author for this post.
      • #2376611
        MHCLV941
        AskWoody Plus

        Microsoft: Our PrintNightmare patch is effective, you’re just using Windows wrong

        …Our investigation has shown that the OOB security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare. All reports we have investigated have relied on the changing of default registry setting related to Point and Print to an insecure configuration….

        Gee, I didn’t know mucking around with “default registry setting related to Point and Print” was such a popular pastime that all these security researchers would have engaged in it.

        From that same article:

        Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.

        KB5004945 was re-released on 6 July so maybe now it does cover both vulnerabilities but nothing about Zebra printers.   After getting burned on Dymo printers a couple of months ago, one would think Microsoft would a few of each for testing.

      • #2376643
        EP
        AskWoody_MVP
      • #2376674
        Lars220
        AskWoody Plus

        More information about the PrintNigtmare type printing issues from Mayank Parmar at Windows Latest website on July 9, 2021:
        Microsoft is rolling out emergency fix for Windows 10 printing issues

        “Microsoft is using a feature called “Known Issue Rollback” to quickly roll back non-security fixes that are causing problems for users. Using KIR, Microsoft can turn off problematic code without releasing another cumulative update or workaround.”

        We can check if we have received the KIR fix by checking the Registry;

        “To verify the fix, open Registry Editor and navigate to the following path:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FeatureManagement\Overrides\4\1861952651
        If the above path and KIR ID exists, the server-side patch has been installed on the device.”

        If you do not see the ID wait for a day or two as the fix is slowly rolling out. In addition to printing problems, Microsoft is also planning to address the performance and taskbar issue with July 2021 security patch. I have received this KIR ID# 1861952651 in one of the “Stealth Updates”.

    Viewing 16 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: MS-DEFCON 2: Print Nightmare causes printing nightmares

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.