Recently, Windows 10 system has reported multiple printing-related issues. Last week, Microsoft admitted that in some cases, there are indeed BUGs that affect printing and scanning functions, and will affect a small number of devices. These problems appeared after the Patch Tuesday event day of this month. In addition to Windows 10, Windows 8.1/7 systems were also affected.
Microsoft has now released a “reinforcement fix for the CVE-2021-33764 vulnerability”, Microsoft said:
The affected devices are mainly smart card-authenticated printers, scanners, and multi-function devices, which do not support DH or advertise support for des-ede3-cbc (“triple DES”) in the Kerberos AS request.
According to section 3.2.1 of the RFC 4556 specification, in order for this key exchange to work, customers must support and notify the Key Distribution Center (KDC) of their support for des-ede3-cbc (“triple DES”).
If a customer starts Kerberos PKINIT in encrypted mode, but neither supports nor tells KDC that they support des-ede3-cbc (“triple DES”), they will be rejected.
Currently, Microsoft has released an emergency out-of-band update for Windows 10 Version 1809/1607. It is not clear when other updated versions of Windows 10 will be updated. The update reads: “Fix a problem that may prevent printers, scanners, and multifunction devices from working. This problem occurs on devices that do not meet certain specifications and use smart card authentication.”
- Client: Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2