Microsoft rolls out KB5004945 emergency Windows Update to fix PrintNightmare vulnerabilities, but it seems to be affecting Zebra printers
Microsoft has had a troubled year dealing with Windows Updates causing printer issues. The latest problem that has affected printers is called PrintNightmare, which is a remote code execution vulnerability.
Martin wrote an article about this, where he explains a couple of workarounds to deal with the issue that exploits the Print Spooler service.
Microsoft is rolling out an emergency Windows Update called KB5004945 to address the PrintNightmare vulnerabilities. The CVE-2021-34527 security advisory confirms that the issue affects all versions of Windows. The announcement page for the update recommends that users install the update as soon as possible.
The summary for the patch states that it fixes the remote code execution vulnerabilities.
KB5005010 Update
The release notes for a second patch, called KB5005010, tell us that the update will prevent non-administrator users from installing new printer drivers. The operating system will only allow signed printer drivers for delegates, while non-signed drivers will require admin privileges. The security fix changes the Point and Print policy's registry value to 0, to prevent unauthorized elevation of privileges.
The July 2021 out-of-band update will appear as a cumulative update. It is also available from the Microsoft Windows Update Catalog. You will need to restart the computer to finish installing the patch. It bumped the version number from Windows 10 2004 Build 19041.1055 to Build 19041.1083. The update isn't available for the Windows 11 Insider Preview build that was released a week ago, and rumors suggest that this could be one of the reasons why the Beta release that was scheduled for this week has been postponed.
KB5004945 is preventing Zebra printers from printing
Users on Reddit's sysadmin forum have reported that the KB5004945 update is preventing Zebra printers from printing documents, and that the company's customer support has instructed users to roll back (i.e. uninstall) the update to get the devices working.
Hackers say they have bypassed the patch
While it appears that the printing security woes have been resolved, security researchers say they have bypassed the security patches that were included in the KB5004945 emergency update. If the computer has already been configured to use the Point and Print policy, hackers can still use the local privilege escalation (LPE) or remote code execution (RCE) to gain access to the system. Microsoft has told Bleeping Computer that it is investigating the bypasses.
The researchers describe the update as unsatisfactory (or incomplete), in that it doesn't protect systems completely, and have advised users to keep the Print Spooler service disabled until Microsoft issues a proper fix.
I'm no security expert, but from my understanding, the bypass only appears to be valid when the Point and Print policy has been enabled, and has been configured not to show the elevation prompt. However, Microsoft's support page clearly indicates that the registry key for the policy does not exist, and that the elevation prompt is not hidden, which theoretically means that users should be safe if they have installed the patch.
To make sure you aren't affected, you can manually create the registry key as follows:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
NoWarningNoElevationOnUpdate = 0 (DWORD) or not defined (default setting)
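The check described above, as an added PowerShell example that is not from the article or from Microsoft: it reads the two PointAndPrint values, reports the Print Spooler service state, and looks for KB5004945. The function names Get-PointAndPrintState and Set-PointAndPrintPrompt are hypothetical; Set-PointAndPrintPrompt writes both values as DWORD 0 and needs an elevated session.

```powershell
# Added example (not from the article): audit the two Point and Print values.
$PnpKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$PnpNames = 'NoWarningNoElevationOnInstall', 'NoWarningNoElevationOnUpdate'

function Get-PointAndPrintState {
    # A missing key means both values are "not defined", the default setting.
    $props = Get-ItemProperty -Path $PnpKey -ErrorAction SilentlyContinue
    foreach ($name in $PnpNames) {
        $defined = $props -and ($props.PSObject.Properties.Name -contains $name)
        $value   = if ($defined) { $props.$name } else { $null }
        [pscustomobject]@{
            Name  = $name
            Value = if ($defined) { $value } else { 'not defined' }
            # 0 or not defined keeps the warning and elevation prompt.
            Safe  = (-not $defined) -or ($value -eq 0)
        }
    }
}

function Set-PointAndPrintPrompt {
    # Hypothetical helper: creates the key if needed, writes both values as 0.
    if (-not (Test-Path $PnpKey)) { New-Item -Path $PnpKey -Force | Out-Null }
    foreach ($name in $PnpNames) {
        New-ItemProperty -Path $PnpKey -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

$state = Get-PointAndPrintState
$state | Format-Table -AutoSize

# Spooler state, since the researchers quoted above advise keeping the
# service disabled until a complete fix ships.
Get-CimInstance Win32_Service -Filter "Name='Spooler'" |
    Format-Table Name, State, StartMode -AutoSize

# Installed-update check; a later cumulative update may supersede this KB,
# so an empty result does not by itself mean the system is unpatched.
Get-HotFix -Id 'KB5004945' -ErrorAction SilentlyContinue |
    Format-Table HotFixID, InstalledOn -AutoSize

if ($state.Safe -contains $false) {
    Write-Warning 'Elevation prompt is suppressed; run Set-PointAndPrintPrompt elevated.'
}
```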
Are you facing any printer issues since installing the KB5004945 update?
It’s been *ages* since I had to print a zebra, so I’m not too concerned.
The news articles all emphasize that the update includes Windows 7. “Despite announcing that it would no longer issue updates for Windows 7, Microsoft issued a patch for its 12-year old operating system, underscoring the severity of the PrintNightmare flaw.” Henry, did you go to the Windows Update Catalog and try installing the update from there? I’m guessing you did, since it doesn’t appear in the automatic Windows Updates. Is it possible that Microsoft forgot about Windows 7?
Now MS says those certain printing problems are “resolved” by using “known issue rollback” as of July 9:
https://docs.microsoft.com/en-us/windows/release-health/resolved-issues-windows-10-21h1#1647msgdesc
Well on my system everything appears oversaturated. Desktop background bleeds through the taskbar. Uninstall update and display and colors are back to normal. Nowhere in the update does it mention anything about colors or display.
Your issue sounds like a tactic that hackers employ to get victims to uninstall their security updates.
Thanks, after removing KB5004945 zebra works
Doesn’t install on Windows 10 2004.
=========================
2021-07 Cumulative Update for Windows 10 Version 2004 for x64-based Systems (KB5004945)
CAB SHA256: 7FDE484570594FB594EC07B1CF3444118494FC8649B798F172EE7587A6AD0421
=========================
E:\USER\Install\WinUpdate>DISM.exe /Online /Add-Package /PackagePath:E:\USER\Install\WinUpdate\Windows10.0-KB5004945-x64.cab
Deployment Image Servicing and Management tool
Version: 10.0.19041.572
Image Version: 10.0.19041.630
An error occurred trying to open - E:\USER\Install\WinUpdate\Windows10.0-KB5004945-x64.cab Error: 0x800f0823
The specified package cannot be added to this Windows Image due to a version mismatch.
Update the Windows image and try the operation again.
Error: 0x800f0823
The specified package cannot be added to this Windows Image due to a version mismatch.
Update the Windows image and try the operation again.
=========================
The DISM log just repeats the mismatch error in the version Window and otherwise looks normal.
As far as I’m aware the last service stack update for Windows 10 2004 was 1/21/2021 (KB4598481), which I reinstalled for troubleshooting. The reinstall worked but it did not solve the above issue.
> Are you facing any printer issues?
Nope.
We print with an old offline/not-networked Win7 32bit box hooked to a printer. We use thumb drives to get our files to that system.
The laser printer we use is from the XP days, thus it has no proper drivers for Win10.
We do much work with older hardware we keep offline, that still works great.
No worries here.
More work for me. This will take down our whole lab building if pushed.
Never updated since first installing 1709 enterprise. Why do I never have these nightmare problems? My 20H2 laptop is running worse. Power settings don’t work anymore because of Modern Standby, old S3 settings worked without any problems.
Probably the real reason why MS has forked Win 11 from Win 10 is because they know they can’t fix 10. It’s a dumpster fire. I doubt they will be able to fix 11 either. They’ve succeeded in now doubling the amount of code they have to maintain.
Remote desktop redirected printers don’t work
The update for Windows 7 is KB5004953 ( https://support.microsoft.com/en-us/topic/july-6-2021-kb5004953-monthly-rollup-out-of-band-b0e3bd48-924b-45c5-8b54-d8317aa62901 ).
Is it only available to ESU clients? The article in the link seems to say that, although I may have misunderstood. My system is supported for ESU, but I don’t belong to the program.
To quote the article, “After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History. This is expected in the following circumstances:
1. If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181.
2. If you do not have an ESU MAK add-on key installed and activated.
3. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated.”
Indeed, I have not been able to update Windows Embedded Standard 7 or 7 Pro systems to KB5004953 for the same reason.
I would think if Microsoft was being genuine in extending this security patch to its older Windows 7 base, it would not dangle the ESU requirement in front of everyone.
I don’t believe most users of these OSes are subscribed to the ESU program.
All Zebra printers no longer print.
Printing documents with Adobe Reader via ShellExecute API (open) also stopped working, documents are sent to the spool but are not printed.
After removing KB5004945 all zebra printers work again.
Windows 7 and 8.1 have different KB articles, and different patches.
* Windows 7 Monthly Rollup Update: https://support.microsoft.com/en-us/topic/july-6-2021-kb5004953-monthly-rollup-out-of-band-b0e3bd48-924b-45c5-8b54-d8317aa62901
* Windows 7 Security Only Update: https://support.microsoft.com/en-us/topic/july-6-2021-kb5004951-security-only-update-out-of-band-e05a81cd-9b45-4622-b715-ddb2367bca47
* Windows 8.1 Monthly Rollup Update: https://support.microsoft.com/en-us/topic/july-6-2021-kb5004954-monthly-rollup-out-of-band-8e7742b6-8a42-41ab-86dd-0dd0b36b4139
* Windows 8.1 Security Only Update: https://support.microsoft.com/en-us/topic/july-6-2021-kb5004958-security-only-update-out-of-band-d439df52-8f5a-4cb8-9d0d-c2f1bb036a5e
Thanks John Wold. I downloaded the security only file for Windows 8.1
I have left out ALL Updates since August and September 2019 when they trashed my computer. I see that you downloaded Security Only Update – what is your experience please – because THIS problem appears far more serious than in the past two years and I feel obliged to use it?
Had an issue with a customer’s thermal printer yesterday. This was the cause. Microsoft just has a bad track record with updates breaking printers, huh? I remember a couple years ago they pushed out an update that broke certain Epson printers.
Windows 10 is the only OS which appears on the MS Catalog site so I guess the vulnerability doesn’t affect Windows 8.1 or 7.
All Zebra printers no longer print.
After removing KB5004945 all zebra printers work again.
All of my Zebra printers do not print either but do again after removing KB5004945.
Does anyone know a way around this update to keep my printers functioning?
@Bob
Unplug your printers and/or that system/network from the web. Use thumb drives to move your print jobs to those printers/system.
As policy, we always do this in our office, thus avoiding this security issue many are having now.
So glad I found this page. Had the issue but also had a blackout near the same time as the update so tracking down the source of the issue was harder.