Microsoft rolls out KB5004945 emergency Windows Update to fix PrintNightmare vulnerabilities, but it seems to be affecting Zebra printers

Microsoft has had a troubled year dealing with Windows Updates causing printer issues. The latest problem that has affected printers is called PrintNightmare, which is a remote code execution vulnerability.

Microsoft rolls out KB5004945 emergency Windows Updates to fix PrintNightmare vulnerabilities

Martin wrote an article about this, where he explains a couple of workarounds to deal with the issue that exploits the Print Spooler service.

Microsoft is rolling out an emergency Windows Update called KB5004945 to address the PrintNightmare vulnerabilities. The CVE-2021-34527 security advisory, confirms that the issue affects all versions of Windows. The announcement page for the update recommends users to install the update as soon as possible.

The summary for the patch states that it fixes the remote code execution vulnerabilities.

KB5005010 Update

The release notes for a second patch, called KB5005010, tell us that the update will prevent non-administrator users from installing new printer drivers. The operating system will only allow signed printer drivers for delegates, while non-signed drivers will require admin privileges. The security fix changes the Point and Print policy's registry value to 0, to prevent unauthorized elevation of privileges.

The July 2021 out-of-band update will appear as a cumulative update. It is also available from the Microsoft Windows Update Catalog. You will need to restart the computer to finish patching the computer. It bumped the version number from Windows 10 2004 Build 19041.1055 to Build 19041.1083. The update isn't available for the Windows 11 Insider Preview build that was released a week ago, and rumors suggest that this could be one of the reasons by the Beta release that was scheduled to be released this week has been postponed.

KB5004945 is preventing Zebra printers from printing

Users at the Reddit's sysadmin forums have reported that the KB5004945 update is preventing Zebra printers from printing documents, and that the company's customer support has instructed users to roll back (aka uninstall) the update, to get the devices working.

Hackers say they have bypassed the patch

While it appears that the printing security woes have been resolved, security researchers say they have bypassed the security patches that were included in the KB5004945 emergency update. If the computer has already been configured to use the Point and Print policy, hackers can invoke the LPE (local privilege escalation) or RCE (Remote Code Execution) to gain access to the system. The company has told Bleeping Computer that it is investigating the bypasses.

The researchers term the update as unsatisfactory (or incomplete), as in it doesn't protect the systems completely, and have advised users to keep the Print Spooler service disabled, until a proper fix is issued by Microsoft.

I'm no security expert, but from my understanding, the bypass only appears to be valid when the Point and Print policy has been enabled, and has been configured not to show the elevation prompt. However, Microsoft's support page clearly indicates that the registry key for the policy does not exist, and that the elevation prompt is not hidden, which theoretically means that users should be safe if they have installed the patch.

KB5004945 emergency Windows Update

To make sure you aren't affected, you can manually create the registry key as follows,

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint

NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)

NoWarningNoElevationOnUpdate = 0 (DWORD) or not defined (default setting)

Are you facing any printer issues since installing the KB5004945 update?

Summary
Microsoft rolls out KB5004945 emergency Windows Update to fix PrintNightmare vulnerabilities
Article Name
Microsoft rolls out KB5004945 emergency Windows Update to fix PrintNightmare vulnerabilities
Description
Microsoft rolls out KB5004945 emergency Windows Update to fix PrintNightmare vulnerabilities, but users say that it is affecting Zebra printers.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Kee said on July 8, 2021 at 12:49 pm
    Reply

    All Zebra printers do no longer print.

    After removing KB5004945 all zebra printers work again.

    1. Xion said on July 8, 2021 at 5:57 pm
      Reply

      So glad I found this page. Had the issue but also had a blackout near the same time as the update so tracking down the source of the issue was harder.

    2. Bob said on July 8, 2021 at 6:09 pm
      Reply

      All of my Zebra printers do not print either but do again after removing KB5004945.

      Does anyone know a way around this update to keep my printers functioning?

      1. Ze Bra said on July 8, 2021 at 11:59 pm
        Reply

        @Bob

        Unplug your printers and/or that system/network from the web. Use thumb drives to move your print jobs to those printers/system.

        As policy, we always do this in our office, thus avoiding this security issue many are having now.

  2. TelV said on July 8, 2021 at 1:43 pm
    Reply

    Windows 10 is the only OS which appears on the MS Catalog site so I guess the vulnerability doesn’t affect Windows 8.1 or 7.

  3. Ryan F said on July 8, 2021 at 3:41 pm
    Reply

    Had an issue with a customer’s thermal printer yesterday. This was the cause. Microsoft just has a bad track record with updates breaking printers, huh? I remember a couple years ago they pushed out an update that broke certain Epson printers.

    1. TelV said on July 9, 2021 at 10:25 am
      Reply

      Thanks John Wold. I downloaded the security only file for Windows 8.1

      1. BaliRob said on July 9, 2021 at 2:28 pm
        Reply

        I have left out ALL Updates since August and September 2019 when they trashed my computer. I see that you downloaded Security Only Update – what is your experience please – because THIS problem appears far more serious than in the past two years and I feel obliged to use it?

  4. Alexandre P. Trindade said on July 8, 2021 at 5:03 pm
    Reply

    All Zebra printers do no longer print.

    Printing documents with Adobe Reader via ShellExecute API (open) also stopped working, documents are sent to the spool but are not printed.

    After removing KB5004945 all zebra printers work again.

  5. Ros said on July 8, 2021 at 8:56 pm
    Reply

    The update for Windows 7 is KB5004953 ( https://support.microsoft.com/en-us/topic/july-6-2021-kb5004953-monthly-rollup-out-of-band-b0e3bd48-924b-45c5-8b54-d8317aa62901 ).
    Is it only available to ESU clients? The article in the link seems to say that, although I may have misunderstood. My system is supported for ESU, but I don’t belong to the program.

    To quote the article, “After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer”, and the update might show as Failed in Update History. This is expected in the following circumstances:

    1. If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181.

    2.If you do not have an ESU MAK add-on key installed and activated.

    3. If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated.

    1. Henry said on July 10, 2021 at 7:07 am
      Reply

      Indeed, I have not been able to update Windows Embedded STandard 7 or 7 Pro systems to KB5004953 for the same reason.

      I would think if Microsoft was being genuine in extending this security patch to its older Windows 7 base, it would not dangle the ESU requirement infront of everyone.

      I don’t believe most users of these OSes are subscribed to the ESU program.

  6. jw said on July 8, 2021 at 9:47 pm
    Reply

    Remote desktop redirected printers don’t work

  7. Anonymous said on July 8, 2021 at 9:55 pm
    Reply

    Never updated since first installing 1709 enterprise. Why do I never have these nightmare problems? My 20H2 laptop is running worse. Power settings don’t work anymore because of Modern Standby, old S3 settings worked without any problems.

    Probably the real reason why MS has forked Win 11 from Win 10 is because they know they can’t fix 10. It’s a dumpster fire. I doubt they will be able to fix 11 either. They’ve succeeded in now doubling the amount of code they have to maintain.

  8. Anonymous said on July 8, 2021 at 11:00 pm
    Reply

    More work for me. This will take down our whole lab building if pushed.

  9. the print shop said on July 8, 2021 at 11:45 pm
    Reply

    > Are you facing any printer issues?

    Nope.

    We print with an old offline/not-networked Win7 32bit box hooked to a printer. We use thumb drives to get our files to that system.

    The laser printer we use is from the XP days, thus it has no proper drivers for Win10.

    We do much work with older hardware we keep offline, that still works great.

    No worries here.

  10. Stan Duncan said on July 9, 2021 at 10:48 am
    Reply

    Doesn’t install on Windows 10 2004.

    =========================

    2021-07 Cumulative Update for Windows 10 Version 2004 for x64-based Systems (KB5004945)

    CAB SHA256: 7FDE484570594FB594EC07B1CF3444118494FC8649B798F172EE7587A6AD0421

    =========================

    E:\USER\Install\WinUpdate>DISM.exe /Online /Add-Package /PackagePath:E:\USER\Ins
    tall\WinUpdate\Windows10.0-KB5004945-x64.cab

    Deployment Image Servicing and Management tool
    Version: 10.0.19041.572

    Image Version: 10.0.19041.630

    An error occurred trying to open – E:\USER\Install\WinUpdate\Windows10.0-KB50049
    45-x64.cab Error: 0x800f0823
    The specified package cannot be added to this Windows Image due to a version mis
    match.
    Update the Windows image and try the operation again.

    Error: 0x800f0823

    The specified package cannot be added to this Windows Image due to a version mis
    match.
    Update the Windows image and try the operation again.

    =========================

    The DISM log just repeats the mismatch error in the version Window and otherwise looks normal.

    As far as I’m aware the last service stack update for Windows 10 2004 was 1/21/2021 (KB4598481), which I reinstalled for troubleshooting. The reinstall worked but it did not solve the above issue.

  11. Mihaitza said on July 9, 2021 at 11:47 am
    Reply

    Thanks, after removing KB5004945 zebra works

  12. Jim said on July 9, 2021 at 7:34 pm
    Reply

    Well on my system everything appears oversaturated. Desktop background bleeds through the taskbar. Uninstall update and display and colors are back to normal. No where in the update does it mention anything about colors or display.

    1. deja voodoo said on July 11, 2021 at 10:08 am
      Reply

      Your issue sounds like a tactic that hackers employ to get victims to uninstall their security updates.

  13. EP said on July 10, 2021 at 3:24 am
    Reply

    now MS says those certain printing problems are “resolved” by using “known issue rollback” as of July 9:
    https://docs.microsoft.com/en-us/windows/release-health/resolved-issues-windows-10-21h1#1647msgdesc

  14. Ros said on July 11, 2021 at 5:51 pm
    Reply

    The news articles all emphasize that the update includes Windows 7. “Despite announcing that it would no longer issue updates for Windows 7, Microsoft issued a patch for its 12-year old operating system, underscoring the severity of the PrintNightmare flaw.” Henry, did you go to the Windows Update Catalog and try installing the update from there? I’m guessing you did, since it doesn’t appear in the automatic Windows Updates. Is it possible that Microsoft forgot about Windows 7?

  15. Peterc said on July 12, 2021 at 2:07 am
    Reply

    It’s been *ages* since I had to print a zebra, so I’m not too concerned.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.