Microsoft has confirmed that its recent Patch Tuesday round of fixes for Windows 10 has introduced a bug that’s causing issues when users try to print or scan using smart cards for authentication.
As part of the wave of updates released on 13 July, Microsoft attempted to fix an issue affecting printers that were connected to machines through USB connections. However, after installing the updates on domain controllers (DCs), administrators might find that some multifunctional printers will fail to print when using smart card (PIV) authentication.
These ID cards are often used in secure environments and workplaces with contactless card readers for gaining entry to certain areas and are also attached to devices such as printers to authenticate identities prior to their usage. The affected machines are printers and scanners that aren’t compliant with section 3.2.1 of RFC 4556 spec, according to Microsoft.
“If you encounter this issue with your printing or scanning devices, verify that you are using the latest firmware and drivers available for your device,” a Microsoft advisory said. “If your firmware and drivers are up-to-date and you still encounter this issue, we recommend that you contact the device manufacturer.
“Ask if a setting or configuration change is required to bring the device into compliance with the hardening change or if a compliant update will be available.”
RELATED RESOURCE
Nine traits you need to succeed as a cyber security leader
What characteristics and certifications make a successful cyber security leader?
The firm confirmed it’s working on a temporary mitigation, but this isn’t yet available to share. This should allow printing and scanning on affected devices, allowing time for manufacturers to release compliant firmware and drivers for their devices.
This issue might cause a nightmare for workers in certain office environments that rely on smart card-compatible printers. It follows a string of issues in Windows deployments this year, including a string of vulnerabilities detected in the Print Spooler component.
For example, users encountered several printer-related problems in the Patch Tuesday round of fixes released on 9 March this year, according to Neowin. Some instances even resulted in users encountered a blue screen of death when trying to print as a result of driver conflicts. These were subsequently fixed on 15 March in an emergency fix.
-
Enterprises face delicate balancing act with data center sustainability goalsNews High energy consumption, raw material requirements, and physical space constraints are holding back data center sustainability efforts, according to new research from Seagate.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
A critical Ivanti flaw is being exploited in the wild – here’s what you need to knowNews Cyber criminals are actively exploiting a critical RCE flaw affecting Ivanti Connect Secure appliances
-
Researchers claim an AMD security flaw could let hackers access encrypted dataNews Using only a $10 test rig, researchers were able to pull off the badRAM attack
-
A journey to cyber resiliencewhitepaper DORA: Ushering in a new era of cyber security
