As previously announced, Microsoft released hardening changes for CVE-2021-33764 in Windows Updates starting on July 13, 2021. When these updates are installed on a domain controller (DC), smart card (PIV) authentication might cause print and scan failures. The affected devices are smart card authenticating printers, scanners, and multifunction devices that don’t support either Diffie-Hellman (DH) for key exchange during PKINIT Kerberos authentication or don’t advertise support for des-ede3-cbc (“triple DES”) during the Kerberos AS request.

A Temporary Mitigation, released in Windows Updates between July 29, 2021, and July 12, 2022, was made available for organizations that encountered this issue and couldn’t bring devices into compliance as required for CVE-2021-33764. However, starting on July 21, 2022, this temporary mitigation will not be usable in security updates. The Windows July 2022 preview update will remove the temporary mitigation and will Require Compliant Printing and scanning devices

(more…)

The post MC403454: Reminder: Removal of temporary mitigation in Windows updates will require compliant printing and scanning devices appeared first on PUPUWEB - Information Resource for Emerging Technology Trends and Cybersecurity.