Windows security update KB5004945 breaks printing on Zebra printers

Windows printing

Microsoft’s recent out-of-band KB5004945 PrintNightmare security updates are preventing Windows users from printing to certain Zebra printers.

Last month, a PoC exploit for a new Windows Print Spooler remote code execution and local privilege escalation vulnerability called PrintNightmare was accidentally disclosed on GitHub.

Soon after, Microsoft acknowledged that it was actively exploited, and an unofficial 0Patch micropatch was released to temporarily fix the vulnerability.

This week, Microsoft released mandatory out-of-band Windows security updates to fix the remote code execution component of the PrintNightmare vulnerability.

However, researchers quickly determined that these patches did not fix the vulnerability in all cases.

Unfortunately, the patches are also causing printing issues for some Windows users.

Security update causes printing issues

In numerous reports shared on Twitter and Reddit [1234], Windows users state that they can no longer print to certain Zebra label printers after installing the update.

“We have about 1000 customers using Zebra printers and are getting flooded with calls from them not being able to print. This update is the culprit for sure as rolling it back has things spitting out again instantly,” an affected person posted to the Sysadmin subreddit.

Soon after, many other Zebra owners confirmed that they too were having issues after installing the update.

According to users affected by the bug, it is only affecting printers directly attached to Windows devices via USB. Zebra printers hooked up to a print server are not affected.

Windows users also report that only specific Zebra models are affected, with LP 2844, ZT220, ZD410, ZD500, ZD620, ZT230, ZT410, and ZT420 being some of the known models affected by the patch.

After uninstalling the security updates, users state that the printers begin to work fine again. As this is a mandatory security update, after some time, Windows will automatically reinstall the update.

It is unclear what is causing the issue, but the security update replaces the localspl.dll file with a new modified version. Changes in this DLL may be conflicting with the Zebra printer drivers and preventing printing.

For those affected, you can temporarily prevent this update from being installed again, but it is necessary to determine if printing is more important than the risks of the vulnerability.

Update 7/8/21: Zebra shared the following statement on resolving the printing issues:

We are aware of a printing issue caused by the July 6 Windows “KB5004945“ update affecting multiple brands of printers. Microsoft has investigated this issue and plans to release an update addressing the issue within the next 1–2 business days. An immediate way to address the issue is to uninstall the Windows “KB5004945“ update or uninstall the affected printer driver and reinstall using Administrative credentials. Long term, we encourage the use of the newer Windows update Microsoft is planning to release. Customers who need assistance regarding Zebra printers may contact our Technical Support Team.


Update 7/8/21 8:05 PM EST: Added statement from Zebra.

Source link

Sign up for our daily Cyber Security Analysis and Threat Intelligence news.