Smart Card printing failure mitigation to be removed by Microsoft

by Alexandru Poloboc
News Editor
  • Microsoft is planning to remove one of its contingency measures. 
  • Of course, we're talking about Smart Card printing and scanning.
  • Now, the tech company is going to delete this mitigation solution.

It’s no secret that, sometimes, Patch Tuesday updates can lead to other issues, even though they are designed to fix certain problems.

And, since we’re on the topic, such was the case for the July 2021 Patch Tuesday which broke printing and scanning while using Smart Card authentication.

Back when this was happening, Microsoft provided mitigation solutions for this issue, so it was about time for the situation to be dealt with accordingly.

What is Microsoft planning to do?

However, the Redmond tech giant has announced that it will be removing these mitigations soon, starting with the upcoming July 19 update that will be out in a few days’ time.

As you already know, on July 13, 2021, Microsoft released hardening changes for Windows Key Distribution Center Information Disclosure Vulnerability, CVE-2021-33764.

After these changes are applied, smart card (PIV) authentication might cause print and scan failures when you install updates released on July 13, 2021, or later versions on a domain controller (DC).

Thus, the affected devices are smart card authenticating printers, scanners, and multifunction devices that either don’t support Diffie-Hellman (DH) for key exchange during PKINIT Kerberos authentication or don’t advertise support for des-ede3-cbc (“triple DES”) during the Kerberos AS request.

As a result, a temporary mitigation was released in Windows Updates between July 29, 2021, and July 12, 2022, and was made available for organizations that encountered this issue and couldn’t bring devices into compliance as required for CVE-2021-33764.

So, according to the latest statements coming out of Redmond, starting in July 2022, this temporary mitigation will not be usable in security updates.

Why, you ask? Well, the Windows July 2022 preview update will remove the temporary mitigation and will require compliant printing and scanning devices. 

The conclusion is that, as of July 19, 2022, there will be no further fallback option in later updates, and all non-compliant devices must be identified using the audit events starting in January 2022 and updated or replaced by the mitigation removal
