Since June 2021 Microsoft has been struggling to use updates to close various vulnerabilities in the Windows printer spooler service that are grouped under the name “PrintNightmare”. Since these vulnerabilities are used by cyber criminals for attacks and, on top of that, new attack options are continuously added by means of further vulnerabilities, it is urgently advisable to quickly import the security updates that appear on the monthly patch day.
However, there have been problems since July 2021: After installing the updates, printers or individual printing functions no longer work. The security updates October 12, 2021 (KB5006670) for Windows desktop and server versions are no exception. Microsoft has confirmed some problems; however, there are still no definitive solutions.
Microsoft acknowledges and works on old problems
Last month we reported on heise online about printing problems with the KB5005565 update from September 2021. Meanwhile, Microsoft has these problems in the Supportbeitrag KB5006670 confirmed. Accordingly, the installation of printers using Internet Printing Protocol (IPP) may not complete successfully after installing KB5005565. Devices that were connected to the printer before KB5005565 was installed and that had drivers installed are not affected. The current status is that Microsoft is working on a solution and will publish it in a future update.
A second problem confirmed by Microsoft, on the other hand, is said to have been resolved by the current update KB5006670. the Problem description in Windows 10 21H1 status area: After installing the September update on a print server, the print properties defined on this server may no longer be properly provided to clients. As a result, the custom settings defined on the server (such as duplex printing settings) were no longer applied automatically. The clients only printed with their default printer settings.
The history of the problem-solving seems a bit confusing: The date of publication of the October update is indicated as the “Resolved” date – however, there is a note below that the entry was (re) opened one day later, on October 13th . It therefore remains unclear whether the problem still persists.
Existing and new construction sites
The history of another problem is similarly confusing dated (“Resolved”: 2021-10-12, but “Opened”: 2021-10-15), which according to Microsoft should also have been introduced by KB5005565 associated support contribution affected all Windows clients from Windows 7 SP1 to Windows 11 as well as the server counterparts. In some network environments, under certain conditions, it means that the clients can no longer print on the servers: Administrator rights are required to install a printer driver.
In fact, administrators reported in the Autors Blog and in various forums the occurrence of the problem just described explicitly after installing the current update KB5006670. This shows that the problem either actually persists – or that KB5006670 has (additionally) opened new construction sites. There is an argument in favor of the latter variant new support article from Microsoft (“Opened”: 2021-10-15), which officially confirms current problems under the heading “Receiving a prompt for administrative credentials every time you attempt to print”, identical to the first case. The description of the problem corresponds to that in the older article. The company does not provide a causal update this time. A solution is being worked on and it is estimated that it will be available by the end of October.
If it is a new problem introduced with KB5006670, it is likely to be related to a specific vulnerability fix: On October 12, 2021, Microsoft released the CVE-2021-36970 spoofing vulnerability closed in the printer spooler service by corresponding security updates for Windows 7 to Windows 11 and their corresponding server counterparts. The vulnerability was discovered by security researchers XueFeng Li and Zhiniang Peng from Sangfor, who are also listed as discoverers of the PrintNightmare vulnerability CVE-2021-1675. However, a connection has not yet been confirmed, so this is only a matter of speculation for the time being.
Workarounds from September continue to be helpful
Some administrators were able to use the measures mentioned in the heise online article on the printing problems from September as well as with on the group guidelines website. de group policies listed to disable the requirements for administrator rights. For other sufferers, updating the printer driver to V4 driver helped.
In different forums and other news reports are currently being discussed homemade “problem solutions” by admins, in which (using a script) two new file versions (win32spl.dll and spoolsv.exe) are replaced with older ones and the print service is restarted. Since some readers reported possible complications in the author’s blog, this approach should be used with great caution, especially in corporate environments. In view of the resulting risk of attacks, uninstalling and blocking security updates is by no means not a recommended approach.
In case of doubt, it remains to wait for the problem solution announced by Microsoft – and this time hopefully the final one.