"After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers (opens in new tab), scanners (opens in new tab), and multifunction devices (opens in new tab) that are not compliant with section 3.2.1 of RFC 4556 spec might fail to print when using smart card (PIV) authentication," shared Microsoft (opens in new tab) as it listed the issues that plague the latest Windows 10 release, version 21H1.
Microsoft explains that the issue only affects devices that support smart card authentication. Furthermore, it only manifests itself on devices that don’t support the Diffie–Hellman key or advertise support for triple DES (des-ede3-cbc) during the Kerberos Authentication Service (AS) request.
- Here’s our recommendations for the best small business printers (opens in new tab)
- These are the best laser printers (opens in new tab) around today
- We’ve also curated the best inkjet printers (opens in new tab)
Throwing the rulebook at such devices, Microsoft suggests that section 3.2.1 of RFC 4556 spec clearly states that compliant smart card devices either use DH for key-exchange, or support and notify the Kerberos Domain Controller (KDC) of their support for triple DES.
Microsoft adds (opens in new tab) that the issue crept up when it implemented the fix for the information disclosure vulnerability in the Windows Key Distribution Center tracked as CVE-2021-33764 (opens in new tab).
The software gian advises Windows 10 users who encounter this issue to first ensure they are using the latest drivers and firmware on the affected printing and scanning devices.
If updating the drivers and firmware doesn’t work, Microsoft suggests users to contact the device manufacturers to implement changes to make the devices compliant with CVE-2021-33764.
Meanwhile, Microsoft says it is working on a temporary mitigation, adding that the affected devices should work without issues when using the traditional username and password authentication.
- Take a look at our collection of the best all-in-one printers (opens in new tab)