Microsoft has released an out-of-band non-security update to fix a bug in some business printers and scanners that use a smart card for authentication.
The update, KB5005394, addresses an issue in Windows 10 version 1809 — Windows 10 Enterprise 2019 LTSC — that caused printers, scanners and multifunctional devices (MFDs) to not function. The update bumps up the OS build number to 17763.2091.
The issue stems from a July 13 update to harden Windows 10 against the security vulnerability tagged as CVE-2021-33764.
Printers and MFDs that were affected were not compliant with the authentication specification RFC 4556. Microsoft advised admins to verify that the latest firmware and drivers for these devices were installed and promised a mitigation, which it's been delivering to different versions of Windows 10 over the past week.
Microsoft released fixes for the same smart card authentication issue for newer versions of Windows 10 last week.
"After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices that are not compliant with section 3.2.1 of RFC 4556 spec might fail to print when using smart card (PIV) authentication," it noted in advisories for Windows 10 20H1 and Windows 10 2004.
In a separate support note, Microsoft explains that printers and MFDs were affected if they don't support Diffie-Hellman for key exchange or advertise support for des-ede3-cbc ("triple DES") during PKINIT Kerberos authentication.
The issue affected all versions of Windows, including:
- Client: Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2