How to manage Windows Security Tamper Protection feature on Windows 10

We have been following the PrintNightmare vulnerability in Microsoft’s Windows Print Spooler for months, and we are no closer to waking up. Microsoft is rolling out patches at a steady pace to keep up with the moving threat of PrintNightmare. However, as is often the case, some of these patches are causing their own issues.

And that is what is happening with the KB5005033 patch rolled out as part of September Patch Tuesday last week. Microsoft confirms this patch is breaking general printing capabilities for organizations with specific configurations.

In an advisory for the patch, Microsoft explains the following issues:

“After installing KB5005033 or a later update, certain printers in some environments using Point and Print might receive a prompt saying, “Do you trust this printer” and requiring administrator credentials to install every time an app attempts to print to a print server or a print client connects to a print server. This is caused by a print driver on the print client and the print server using the same filename, but the server has a newer version of the file. When the print client connects to the print server, it finds a newer driver file and is prompted to update the drivers on the print client, but the file in the package it is offered for installation does not include the later file version.”

The problem covers a wide selection of Windows client and server builds if they have installed the KB5005033 patch. Microsoft says users can resolve the problem if they have the newest drivers and the same driver version running on both client and server. If this does not work, users must contact the printer manufacturer.
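One way to check for the condition the advisory describes, a driver file with the same filename on client and server but a newer version on the server. This is an added example, not taken from Microsoft's advisory. It assumes version-3 x64 drivers in the default spool directory and the server's standard `print$` share; `PRINTSRV01` is a placeholder server name and both function names are hypothetical.

```powershell
# Added example: list driver files present on both the print client and the
# print server under the same filename where the server copy is newer.
# Assumptions: version-3 x64 drivers, default spool directory, standard
# print$ share. 'PRINTSRV01' is a placeholder, not a name from the article.

function Get-FileVersionMap {
    param([Parameter(Mandatory)][string]$Path)
    $map = @{}
    Get-ChildItem -LiteralPath $Path -File -ErrorAction Stop | ForEach-Object {
        $vi = $_.VersionInfo
        # Build a comparable version from the numeric parts; files without a
        # version resource come back as 0.0.0.0.
        $map[$_.Name.ToLowerInvariant()] = [version]::new(
            $vi.FileMajorPart, $vi.FileMinorPart,
            $vi.FileBuildPart, $vi.FilePrivatePart)
    }
    $map
}

function Compare-PrintDriverFile {
    param(
        [string]$ClientPath = "$env:SystemRoot\System32\spool\drivers\x64\3",
        [Parameter(Mandatory)][string]$ServerPath
    )
    $client = Get-FileVersionMap -Path $ClientPath
    $server = Get-FileVersionMap -Path $ServerPath
    foreach ($name in ($client.Keys | Sort-Object)) {
        # Same filename on both sides, newer file on the server: the case
        # that triggers the repeated "Do you trust this printer" prompt.
        if ($server.ContainsKey($name) -and $server[$name] -gt $client[$name]) {
            [pscustomobject]@{
                File          = $name
                ClientVersion = $client[$name]
                ServerVersion = $server[$name]
            }
        }
    }
}

Compare-PrintDriverFile -ServerPath '\\PRINTSRV01\print$\x64\3' |
    Format-Table -AutoSize
```

Any row in the output is a file to bring to the same version on both machines, in line with Microsoft's guidance above.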

PrintNightmare

PrintNightmare started with an exploit PoC accidentally leaking online in June, which led Microsoft to later issue an emergency out-of-band patch.

The flaw was spotted by security researchers at Sangfor and became active when the group accidentally released the proof-of-concept (PoC). This gave attackers the knowledge of how to exploit the flaw, meaning they could conduct remote code execution attacks to gain system-level privileges.

Despite patches, PrintNightmare returned in August, prompting Microsoft to take action again.