Microsoft's latest attempt to patch PrintNightmare vulnerabilities causes network printing...

Jimmy2x

Posts: 23   +3
Staff
Why it matters: Microsoft's attempt to resolve the PrintNightmare vulnerability has resulted in unforeseen network printing issues. Network administrators must now decide between patching a critical vulnerability or retaining required print capabilities for their organization until further resolution is provided.

Microsoft's most recent Patch Tuesday release may have resolved the final remains of the PrintNightmare vulnerabilities, but in doing so, may have also impacted users' ability to access network printer resources. The vulnerability, identified in June 2021, provides the unwanted ability to initiate remote code executions (RCEs) via the long-plagued Windows Print Spooler.

While the latest patch did resolve the current vulnerability, it also introduced a new problem: the inability of some users to access network printers. Network administrators responsible for managing system patching have reported problems ranging from event logs recording error 4098 warnings to missing printer ports to access denied errors preventing use. The reported issues are currently being resolved by rolling back the update.

Microsoft's latest print spooler-based common vulnerability and exposure (CVE) article addressed a finding allowing attackers who successfully exploited the vulnerability to execute code with elevated privileges via remote code execution. This escalated privilege would allow the attacker to access and gain unwanted control of the target machine. Unfortunately for Microsoft, the print spooler service is no stranger to security risks and vulnerabilities. Since 2020, there have been several CVEs released related to the service.

RCE attacks are a particularly dangerous and damaging type of attack due to their invasive nature. An attacker can gain control of a target machine, manipulate programs and data, or even create new accounts with full access rights by executing malicious code. These attacks became particularly prevalent during the initial crypto-mining boom in 2017 and continue today.

Attackers use available exploits, such as web application code vulnerabilities, to install malware designed to download and run CPU-based mining programs. The programs run silently in the background, robbing unknowing users of computing resources and impacting overall usability while using the hijacked resources to illegally mine cryptocurrency.

The post-patch network printing bug has been verified across multiple models and manufacturers. However, the problem does not appear to impact those users connected to a printer via universal serial bus (USB) connections.

Permalink to story.

 

Theinsanegamer

Posts: 2,724   +4,259
MS, fumbling fixes since 1985.

Maybe instead of hardcoding TPM and DX12 ultimate requirements intot heir new UI they should focus on fixing their decades old subsystems, or replace them entirely with new ones that actually work.

OTOH if they tried that I'm sure MS would come up with some BS excuse why laserjets from before 2018 wouldnt work with the new system unless it was a HP 1022n, and inkjets can all work but only through parallel ports.
 

MisterSpock

Posts: 20   +52
<quote>However, the problem does not appear to impact those users connected to a printer via universal serial bus (USB) connections.</quote>

Does this include USB printers that are additionally shared across a network or domain through whatever machine it's plugged into?
 

Hexic

Posts: 1,053   +1,561
TechSpot Elite
This was a nightmare for us Thursday and Friday. The fix was rolling back on the update on our printer servers.

Same for us - our Patching teams were contacting every IT application team informing them that their app servers were to be updated/rebooted via an emergency exception the past two weekends.

Those poor b@stards had hit >1200 servers as of last weekend and weren’t even done with our NA universe. Sleep must not be a priority for those poor guys right now.
 

maestro0428

Posts: 42   +38
Yup. My university had issues with the update. Most people couldn't print. Glad I don't work in that dept.
 

theruck

Posts: 382   +216
I always wondered what are the testing procedures for fixes in the richest company in the world
fortunately everybody knows what to do as this is not the first nor the last time your infrastracture goes south due to the newest recomended patch
 

Theinsanegamer

Posts: 2,724   +4,259
I always wondered what are the testing procedures for fixes in the richest company in the world
fortunately everybody knows what to do as this is not the first nor the last time your infrastracture goes south due to the newest recomended patch
Non existent now, Nadella gutted the windows Q+A team when he took over.
 

Watzupken

Posts: 339   +320
Non existent now, Nadella gutted the windows Q+A team when he took over.
The funny thing is that MS actually got users to test it for them. Despite all these user testings, they've fumbled with every update. I don't believe that the testers don't tell them about the issues they find. Rather, is MS actually making an effort to fix them before releasing?
I think software companies are obsessed about improving visuals/ UI, but failed to fix the fundamental issues with their software. While it is not possible to figure out all the issues/ bugs/ vulnerabilities all at once, this printer vulnerability have been around for a long time.
 

Neatfeatguy

Posts: 499   +834
The funny thing is that MS actually got users to test it for them. Despite all these user testings, they've fumbled with every update. I don't believe that the testers don't tell them about the issues they find. Rather, is MS actually making an effort to fix them before releasing?
I think software companies are obsessed about improving visuals/ UI, but failed to fix the fundamental issues with their software. While it is not possible to figure out all the issues/ bugs/ vulnerabilities all at once, this printer vulnerability have been around for a long time.

Sounds like Steam when they forced out the updated UI 2 years ago. Beta testers told them of countless issues, yet they never fixed them or as they "fixed" them as time went on, they created other issues and ignored yet even more that people still complain about.

.....Maybe MS and Steam use the same 2 employees for coding and testing?
 

Hexic

Posts: 1,053   +1,561
TechSpot Elite
Sounds like Steam when they forced out the updated UI 2 years ago. Beta testers told them of countless issues, yet they never fixed them or as they "fixed" them as time went on, they created other issues and ignored yet even more that people still complain about.

.....Maybe MS and Steam use the same 2 employees for coding and testing?
Still more employees than their current new game development team!

I haven’t witnessed a new IP from Valve for many years. Must still be riding the coattails of Steam.
 

p51d007

Posts: 2,853   +2,218
Driving our company nuts. 4 different states we do service work on printers, copiers, production printers etc. Seems like every WEDNESDAY after patch Tuesday, we end up with a bunch of calls because "it won't print".
 

ypsylon

Posts: 397   +334
It seems that since W10 alpha every patch (especially the BIG ones) completely break the printing subsystem (and many other things). Who the f runs this company? Just hippies on high is the only correct answer.

Really the best thing you could do after installing W10 (especially for work) is to lock-out the machine from update servers permanently so next patch won't screw things over next week. I had the same problems with printing as millions of other users when it dawned on me few years back that it was MS update dirty secret job. Since that day I just install OS and lock-out WU. Never had post update/printing problems since (well except jammed paper ;) ).

Argument about lack of security, please... like M$ security updates/fixes mean anything for past 30 years.
 

Ben Myers

Posts: 150   +63
I always wondered what are the testing procedures for fixes in the richest company in the world
fortunately everybody knows what to do as this is not the first nor the last time your infrastracture goes south due to the newest recomended patch
Testing procedure? HA! Toss it over the transom and let people use it.

Code reviews? I wonder if ever.
 

BobHome

Posts: 114   +49
MS, fumbling fixes since 1985.

Maybe instead of hardcoding TPM and DX12 ultimate requirements intot heir new UI they should focus on fixing their decades old subsystems, or replace them entirely with new ones that actually work.

OTOH if they tried that I'm sure MS would come up with some BS excuse why laserjets from before 2018 wouldnt work with the new system unless it was a HP 1022n, and inkjets can all work but only through parallel ports.
Tis why I say Windows is still in Beta.
 

zulu53

Posts: 65   +21
You gotta feel it for MS senior managers. It's so difficult for them to gain and retain competent programmers for the core OS. Either their competent programmers want to be promoted above their capability (become managers) or they want to leave MS and go into a job with much more satisfaction (working with decades old code is a ***** and figuring out how to protect that so-called "intellectual property" at the same time, a bridge too far). Their semi-competent ones want to focus on the easy tasks of applying new lipstick and makeup (the UI or Win11 ). No self respecting programmers want to work on core OS at MS. Personally I always assign negative points to any one whose CV contains any period longer than 3 months at MS: if they took longer than that to figure out that MS is/was a poor company to work for then why should I hire them - they are just not that smart, or they have no work ethic (performance for pay).