print spooler print nightmare Patch Deployment

Dexter Southerland 1 Reputation point
2021-07-26T11:56:24.757+00:00

Hi
I need some help on understanding deployment and Guidance.

  1. Windows 10:
    Some PC's download patch just find from Windows update. Other's will not , but let me apply patch KB5004945 from catalog download. The rest do not download from updates and when I apply KB50004945 I get "The update is not applicable to your Computer".
  2. Server 2019:
    I am having a similar experience. With KB5004947.
  3. Server 2016 , 2012, and 2008 I can not find were patch is coming down or I get "The update is not applicable to your Computer".
  4. I see the same issue with windows 7, but I just read that if the customer did not sign up for extended security support. The patch will not apply.
    I am confused? Can someone please Help.
    I thank you very much in advance!
    Dexter Southerland
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,205 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,767 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Dave Patrick 426.1K Reputation points MVP
    2021-07-26T12:27:07.723+00:00

    update is not applicable

    This would be expected behavior if either a prerequisite has not been met (SSU?) or if a later cumulative update has been installed. For most if you have the July 6 out of band or a later cumulative update then the OS is patched for print nightmare

    1. July 6, 2021—KB5004945 (OS Builds 19041.1083, 19042.1083, and 19043.1083) Out-of-band
    2. July 6, 2021-KB5004947 (OS Build 17763.2029) Out-of-band
    3. July 7, 2021—KB5004948 (OS Build 14393.4470) Out-of-band
    4. July 6, 2021—KB5004954 (Monthly Rollup) Out-of-band
    5. July 6, 2021—KB5004953 (Monthly Rollup) Out-of-band

    In the case of the last one (2008 R2) support ended January 14, 2020 unless you have purchased extended security updates

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments
  2. Andy YOU 3,071 Reputation points
    2021-07-27T03:36:39.367+00:00

    HI

    1.Windows 10
    KB5004945 can only be applied to below win10 OS version.
    Windows 10, version 2004, all editions Windows Server version 2004 Windows 10, version 20H2, all editions Windows Server, version 20H2, all editions Windows 10, version 21H1, all editions

    If you want to install KB5004945 on win10(1909), there will be "The update is not applicable to your Computer", So we need to install KB5004946 on win10(1909).
    (1)Could you please enter winver in command prompt on all win10 computers and look the os version and os version number ?[for example windows 10 enterprise 1809 (os build 17763.316)]
    (2)Could you please browse below document and install appropriate KB to meet your win10 OS?
    Windows Print Spooler Remote Code Execution Vulnerability
    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

    2.Server 2019:
    Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU).
    So sometime if we not install SSU or have installed the later update patch(like KB5004244) is published after KB5004947.We will get a similar experience.
    We can enter below command in powershell and check if have installed the LCU which is after KB5004947.
    get-hotfix

    Windows 10 and Windows Server 2019 update history
    https://support.microsoft.com/en-us/topic/windows-10-and-windows-server-2019-update-history-725fc2e1-4443-6831-a5ca-51ff5cbcb059

    3."Server 2016 , 2012, and 2008 I can not find were patch is coming down"
    We can find the specified KB for specified OS in below link and download that KB in Microsoft update catalog website.
    Windows Print Spooler Remote Code Execution Vulnerability
    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

    KB5004948 for 2016
    KB5004956 for 2012
    KB5004954 for 2012r2
    KB5004955 for 2008
    KB5004953 for 2008 R2

    Microsoft update catalog website
    https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004955

    4."I see the same issue with windows 7, but I just read that if the customer did not sign up for extended security support. The patch will not apply."
    For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.This would be expected behavior unless we purchase extended security updates for win7 and server 2008r2.

    ============================================
    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  3. Dave Patrick 426.1K Reputation points MVP
    2021-07-27T12:49:04.407+00:00

    Just checking if there's any progress or updates?

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments