Jump to content
  • Windows July update breaks printing and scanning when using smart-cards


    • 3 minutes

    • 3 minutes

    Windows July update breaks printing and scanning when using smart-cards


    Microsoft seems to be having to deal with issues related to printers for a while now. This year alone, starting with the March update that caused the blue screen of death (BSOD) when trying to print, and more recently with the PrintNightmare print spooler service vulnerability. And Microsoft's troubles aren't stopping there.


    Today, the firm has confirmed that its recent July security update version KB5004237, which was released on July 13, is causing problems when printing on certain systems when trying to utilize smart cards for user authentication. This time, alongside printing problems, scanning on such systems may also not work.


    According to the Redmond firm, the KB5004237 July 13 cumulative update fixed printing problems on such printers that were connected via USB. However, it seems the update has also introduced a new bug as a result of the changes made for dealing with the CVE-2021-33764 vulnerability. This is causing the new issue on Domain Controller servers which act as gatekeepers responsible for dealing with such authentication requests.


    It has been noted however that while working with smart cards may fail, username and password authentication should work without issue. Here's how Microsoft has described the problem:

    After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices which are not compliant with section 3.2.1 of RFC 4556 spec, might fail to print when using smart-card (PIV) authentication.

    The problem has been detailed a bit more under KB5005408 which explains that client printers and scanners must be compliant with either of the following:

    • Use Diffie-Hellman for key-exchange during PKINIT Kerberos authentication (preferred).

    • Both support and notify the KDC of their support for des-ede3-cbc ("triple DES”).

    Here, KDC refers to a Key Distribution Center.


    The Windows platforms affected by this issue are:


    • Client: Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1

    • Server: Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2


    Microsoft has said that it's investigating the issue and will provide a temporary workaround. For people having problems, the company has asked to update the necessary drivers and firmware and to consult with the device manufacturers when needed. You may find more details about the problem here on the company's official page.



    Windows July update breaks printing and scanning when using smart-cards

    User Feedback

    Recommended Comments

    There are no comments to display.

    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...