Windows Update in September causes printing issues in IT Support


Print Nightmare Patch

Microsoft released updates for Windows (KB5005565, KB5005566, and KB5005652) that are causing quite a few problems with printers and networking. I’ve seen reports of this affecting businesses all around. I’ve seen this in my job also: drivers not installing, and Windows updates not installing because the drivers can’t be installed. Paper sizes are affected and even POS printers are not printing, due to the print spooler being patched by Microsoft. BleepingComputer even says that it broke Point and Print to a network printer and is causing issues with people being able to print on the network.

Significant problems

Even I’ve seen the problems that came along with the new update. The real problem is how to protect the businesses that need to use their network for business purposes. What are some ways to do it and keep the business safe? These are all questions that need to be answered, but as of yet no one knows the real way to patch the problem associated with the print spooler and network printing.

IT admins have said that uninstalling the update resolves most if not all of the printer issues they’ve seen in the last week or two, but that isn’t really suggested by Microsoft due to the PrintNightmare issues and the ransomware issues that might arise from it. All I know is IT admins are left on the side of the road as to how to fix the issue without the patch, or whether there will be a hotfix down the road to fix the September update. Either way there isn’t much we can do but wait and see.

Possible ways to mitigate this issue:

Change your Group Policy Object (GPO) in Active Directory so the target computers on the network get “RestrictDriverInstallationToAdministrators = 0”, but then again we are just opening up the hole that Microsoft is trying to close.

Registry add:

reg add "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint" /v RestrictDriverInstallationToAdministrators /t REG_DWORD /d 0 /f

Again, this only bypasses what Microsoft is trying to close with the Windows Point and Print vulnerability on the network. You should be able to start printing after you reboot. This, however, isn’t suggested by me or by anyone who is looking to keep the printer from being used in a ransomware attack.

Installing V4 drivers instead of V3 drivers will also solve this issue, but some vendors don’t have V4 drivers available to install as of yet. Until they make those drivers available, there isn’t really much we can do about it or even suggest to the businesses that are having difficulty with the printing issue at hand.
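An added example, not from the original post: a read-only PowerShell audit that reports whether the registry workaround above is in place on a machine, which of the KBs named in this post show as installed, and which print drivers are still V3. The function names are made up for this example, and the "missing value behaves like 1" default is taken from Microsoft's KB5005652 guidance.

```powershell
# Added example: read-only audit, changes nothing on the machine.
$key  = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$name = 'RestrictDriverInstallationToAdministrators'

function Get-PointAndPrintRestriction {
    # Assumption: a missing key/value is treated like 1 (admins only) on a
    # patched system, as documented in KB5005652.
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return [pscustomobject]@{ Value = $null; State = 'Not set (patched default: admins only)' }
    }
    $state = if ($prop.$name -eq 0) {
        'WEAKENED: non-admins may install print drivers'
    } else {
        'Restricted to administrators'
    }
    [pscustomobject]@{ Value = $prop.$name; State = $state }
}

function Get-PostKbStatus {
    # KB numbers are the ones named in this post. A later cumulative update
    # can supersede them, so Installed = False does not prove "unpatched".
    $kbs  = 'KB5005565', 'KB5005566', 'KB5005652'
    $have = @(Get-HotFix -ErrorAction SilentlyContinue | ForEach-Object HotFixID)
    foreach ($kb in $kbs) {
        [pscustomobject]@{ KB = $kb; Installed = ($have -contains $kb) }
    }
}

function Get-V3PrinterDriver {
    # MajorVersion 3 = V3 driver, 4 = V4 driver. V3 entries are the ones that
    # still need a V4 replacement from the vendor.
    Get-PrinterDriver -ErrorAction SilentlyContinue |
        Where-Object MajorVersion -eq 3 |
        Select-Object Name, Manufacturer, MajorVersion
}

Get-PointAndPrintRestriction | Format-List
Get-PostKbStatus            | Format-Table -AutoSize
Get-V3PrinterDriver         | Format-Table -AutoSize
```

Machines that report the weakened state are the ones to revisit once a vendor V4 driver or a Microsoft fix is available.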

Resources:

Security News for this Month and How that affects you!


Hackers get around TPM

According to Ars Technica, a hacker was able to get around TPM in under 30 minutes. It seems impressive for someone to be able to get around something that Microsoft thinks helps secure your operating system. I’ve been doing some major research into how secure the TPM and Secure Boot are.

Getting around the TPM in this manner is akin to ignoring Fort Knox and focusing on the not-so-armored car coming out of it.  — Ars Technica

Fort Knox is way better than a TPM; it just means that people don’t realize the vulnerabilities of the TPM. It is still relatively new, and people just haven’t had the chance to thoroughly test the Trusted Platform Module.

BlackMatter is Reborn

With REvil and DarkSide getting shut down, we now see that BlackMatter could really be just a simple name change from DarkSide.

And sure enough, a recent detailed forensic analysis of the cryptographic algorithms being employed by an apparent newcomer named “BlackMatter” suggests that BlackMatter is actually DarkSide 2.0. — Steve Gibson

It seems that they have left the affiliate model and are now looking for IABs (initial access brokers) to be able to infect computers and networks that might bring them some great revenue from ransomware. Ransomware is getting more and more common, and I can guess that they will start to use something like this to infect companies’ computers. I doubt they will infect targets that are going to bring them too much attention.

PrintNightmare is a feature, not a bug!

I keep saying this, but the PrintNightmare that was being talked about last month will probably never truly be fixed, because Microsoft created this issue in the early days so people could easily print to any system. Microsoft has been trying to fix some of the issues, but I doubt they will ever fix them all. The idea that it is a zero-day is something that Microsoft didn’t expect, but most researchers would have said it was probably possible for several years at the least. I am sure this will be used with a number of other things, such as the BootHole exploit. Although this has already been patched by most Linux distros, there are some that just won’t update due to not being able to or not wanting to. So there are always going to be people who will not see a need to update their systems.

The First 6 months

Most researchers have said this, but in the past 6 months there have already been more attacks than last year. Most malware and ransomware writers were, just like everyone else, watching what was going on in the world and COVID-19. They probably weren’t very busy last year, and now they need to fix that by showing us how much more they can do. I am sure it will be even better the next 6 months, but I am also hopeful the Russian government will keep putting pressure on the virus writers to keep their acts clean and leave companies alone. I doubt it, but I can only hope.

What are your thoughts on all that has happened this year? Do you think it will slow down or get even faster? Do you think we will see more computers getting compromised even with TPM and Secure Boot enabled? Let me hear your thoughts.