KB4599464 enforcement broke our shared printers

Question

question

DanielKaliel-3171 asked Oct 7, '21 jw-7678 edited Nov 11, '21

KB4599464 enforcement broke our shared printers

Despite the fact that our users are (not for long) admins on their PCs with Windows 10 20H2 and have the September 2021 update, when we applied the September 2021 update to the print server everyone lost connectivity to all the printers. The only way to get the printers back was to set:

RpcAuthnLevelPrivacyEnabled to 0

on both the workstations and the server. The server is 2012 R2. Did I miss something? Driver updates and firmware updates on the printers didn't help. We would prefer to have these security features in place but printing is essential to our business.

windows-server-print

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

jw-7678 · Nov 11, 2021 at 03:42 PM

We are experiencing the same issue but on a server 2016 print server. Even though both client and server are updated with KB5006669, with print nightmare fixes in place, clients cannot connect to the printer and get error 0x0000011b Client cannot connect to printer.

Microsoft states that KB5006669 resolves the RPC vulnerability (CVE-2021-1678) mitigation issue as long as it is installed on both client and print server - see known issues at: https://support.microsoft.com/en-us/topic/september-14-2021-kb5005573-os-build-14393-4651-48853795-3857-4485-a2bf-f15b39464b41

However, this is not the case. We still must set the "RpcAuthnLevelPrivacyEnabled to 0" key value to allow users to connect to shared printers.

Known issues for Windows 2016 and Windows 2012 state that there might be RPC ports being blocked that are preventing users from connecting to printers. Is this the cause, even with RPC and print nightmare vulnerabilities patched and resolved?

Windows 2016 known issue: https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-1607-and-windows-server-2016#2737msgdesc

Windows 2012 known issue: https://docs.microsoft.com/en-us/windows/release-health/status-windows-server-2012#2737msgdesc

0 ·

Answer 1 · 2021-10-08T14:06:52.433Z

LimitlessTechnology-2700 answered Oct 8, '21 DanielKaliel-3171 commented Oct 8, '21

Hello DanielKaliel

This is related to the installation of some updates that patch a vulnerability of the printer service called "PrintNightmare". This enforces to have local administrator rights to be able to map Printers into the respective client.

Please check Microsoft guide on how to deploy Printers the "safe way" after this update, here: https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872

--If the reply is helpful, please Upvote and Accept as answer--

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DanielKaliel-3171 · Oct 08, 2021 at 02:51 PM

Ya we went through that.

Here is our scenario:

Printers drivers are baked into the image
Admin level doesn't change affect the outcome for us
Printers disappeared across the company
All workstations and servers have the September 2021 updates applied.

But all the printers come back when we set RpcAuthnLevelPrivacyEnabled to 0.

0 ·

question