New
#61
We have only one computer that hosts shared printers on it. However, I have found that even if it does not have KB5005565 on it, if a client computer has that update, it will not print. I have therefore had to remove KB5005565 from all the computers on the network.
Just for clarity, I have not yet tried the registry fix, but it looks promising, and I will try it later today.
If I have understood correctly, On the printer host computer only, I go to...
HKEY-LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print
...and look to see if the key RpcAuthnLevelPrivacyEnabled exists, and if does, set its DWORD value to 0, and if doesn't exist, create it, and set its DWORD value 0
Then I can un-pause updates of all the computers to allow KB5005565 to install the next time updates are installed.
Correct?
Yes, that's my understanding, but I would install the KB5005565 on the printer server, reboot the printer server, make the registry change on the printer server, reboot the printer server, then confirm printing still works from a single test client. Then install KB5005565 on that client, reboot, and confirm printing still works. That should be a good test for you to see this workaround is working.
Note you have a erroneous "-" vs "_" in the path above.
OK, so I have...
1. Uninstalled KB5005565 on the host computer
2. Made the necessary registry change as per Nikki605's post #41
3. Restarted the host computer.
4. On restart, I checked Settings > Update&Security and found that KB5005565 was Pending install, so I clicked Install
5. When it finished installing, it prompted a restart so I did that (it restarted a couple of times as it does sometimes when doing updates)
6. Tested both printers from client computers.
FIXED - Thank you Nikki605
So as I understand it, all the client computers have KB5005565 installed and they are fully protected against the vulnerability it addresses, but the host computer, while it also has KB5005565 installed, is not protected because of the registry hack.
Do I have that right?
KB5005565 has several security patches and the majority are still in effect even with the Rpc registry patch added. Here is a good explanation of the effect this Rpc registry patch has with KB5005565 installed:
How to fix the Windows 0x0000011b network printing error
Last edited by nikki605; 28 Sep 2021 at 08:05.
I believe that the Host PC will be vulnerable to an attack that utilizes the Point And Print vector as it's way in.
The registry change does not enforce the security fix.
The registry change allows us to print as we want to, but it is a workaround rather than a fix.
We (I) are hoping for Microsoft to recognize this as a problem and devise a fix that allows both printing as we do and security.
Hopefully in a future update.
What if you don't have RpcAuthnLevelPrivacyEnabled in the registery?