alert banner

ISSUE 19.31.1 • 2022-08-04

MS-DEFCON 2: Printing issues, again


By Susan Bradley

This time we’re forewarned, and the problem probably won’t affect many.

Here we go again. Month after month this year, updates have affected printing in some way, and the side effects have ranged from minor to major (such as printers being completely disabled).

Fasten your seatbelts anyway, although chances are that many of us won’t notice this side effect at all. In fact, the security fix causing this side effect has actually been installed on our systems for over a year. Starting with the July and August updates, “hardening” is finally being enabled. Still, prudence demands raising the MS-DEFCON level to 2.

As noted in Microsoft’s support document, the affected devices are smartcard-authenticating printers, scanners, and multifunction devices that either don’t support Diffie-Hellman (DH) for key-exchange during PKINIT Kerberos authentication or don’t advertise support for des-ede3-cbc (“triple DES”) during the Kerberos AS request. If all that sounded like Greek to you, it means you haven’t run up against this problem and you will survive the August updates just fine.

Windows 11 machines will start to see search highlights rolled out. You may remember, search highlights are (to me) slightly annoying cartoons that appear in the search box. Although I find them off-putting, many users think of them as just decoration and don’t notice them. Consumers can disable the search highlights by various means, and business users can do so via Group Policy templates that were installed with the June 2022 Cumulative Update Preview or July 2022 monthly quality update. Go to C:\Windows\PolicyDefinitions and locate search.admx.

Remember to check the Master Patch List page for the recommended deferral date as well as for any late-breaking issues.

Consumer and home users

If you have been fighting with Outlook indexing and Windows 11, help is on the way in the August updates. Microsoft is fixing:

… an issue that causes index rebuilding to be slow. This helps devices that have local search issues, including searching for recent emails in Outlook.

And it is also fixing:

… an issue that causes the Windows profile service to fail sporadically. The failure might occur when signing in. The error message is, “gpsvc service failed to sign in. Access denied.”

Microsoft has already fixed a bug introduced by the optional July updates that:

… caused a small number of devices to be unable to open the Start menu. On affected devices, clicking or selecting the Start button or using the Windows key on your keyboard might have no effect.

This bug has been removed from the August updates and thus won’t be an issue. And that is the primary reason I always recommend to our readers that optional updates not be installed. (Let someone else be the beta tester.) Instead, set a deferral period in the Windows Update section of Settings. Of course, you can also use Windows Update Manager, Windows Update MiniTool, or WUshowhide.

Business users

We often forget that antivirus software is updated on a regular basis. Sometimes a false positive will trigger a failure or, at a minimum, send you down a rabbit hole as you try to find out why your systems aren’t working correctly. In my experience, Microsoft Defender doesn’t break things very often, but any solution may have issues. For Defender, there are ways to either speed up or slow down the updates.

Businesses can use Group Policy to choose specific channels to deploy on your networked PCs, depending on your needs and your tolerance of risks. Note that Group Policy solutions also apply to standalone systems running Windows Pro. I’ll be testing whether Registry keys can be used to manage Defender on other Windows SKUs, including Home editions, and will report. Stay tuned.



Talk Bubbles Join the conversation! Your questions, comments, and feedback
about this topic are always welcome in our forums!

Susan Bradley is the publisher of the AskWoody newsletters.

The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.

Your subscription:

Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody,, Windows Secrets Newsletter,, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright ©2022 AskWoody Tech LLC. All rights reserved.