check before: 2022-07-19
Product:
Office 365 general, SharePoint
Platform:
World tenant
Status:
Change type:
Admin impact
Links:
Details:
On July 13, 2021, Microsoft released hardening changes for Windows Key Distribution Center Information Disclosure Vulnerability, CVE-2021-33764. With these changes, smart card (PIV) authentication might cause print and scan failures when you install updates released on July 13, 2021, or later versions on a domain controller (DC). The affected devices are smart card authenticating printers, scanners, and multifunction devices that don’t support either Diffie-Hellman (DH) for key exchange during PKINIT Kerberos authentication or don’t advertise support for des-ede3-cbc ("triple DES”) during the Kerberos AS request.
A temporary mitigation, released in Windows Updates between July 29, 2021, and July 12, 2022, was made available for organizations that encountered this issue and couldn't bring devices into compliance as required for CVE-2021-33764. However, starting in July 2022, this temporary mitigation will not be usable in security updates. The Windows July 2022 preview update will remove the temporary mitigation and will require compliant printing and scanning devices.
When will this happen:
All non-compliant devices must be identified using the audit events starting January 2022 and updated or replaced by the mitigation removal starting on July 19, 2022. Refer to the timeline below to understand the last hardening changes for CVE-2021-33764.
July 19, 2022: Optional preview update release to remove temporary mitigation to require compliant printing and scanning devices in your environment on Windows Server 2019.
August 9, 2022: All updates released on this day or later will be unable to use the temporary mitigation on Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, Windows Server 2008 SP2.
Change Category:
XXXXXXX ...
Scope:
XXXXXXX ...
Release Phase:
Created:
2022-07-14
updated:
2022-08-27
the free basic plan is required to see all details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
changes*
| Date | Property | old | new |
| 2022-09-15 | MC prepare | You must have your non-compliant devices updated and compliant, or replaced by July 19, 2022, when the temporary mitigation will not be usable in security updates.
Additional information: It is important to ensure that you have your non-compliant devices updated and compliant or replaced. Review the below documentation KB5005408: Smart card authentication might cause print and scan failures. CVE-2021-33764: Windows Key Distribution Center Information Disclosure Vulnerability RFC 4556 specification ps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33764 ps://support.microsoft.com/topic/kb5005408-smart-card-authentication-might-cause-print-and-scan-failures-514f0bc5-ecde-4e5e-8c5a-2a776d7fb89 ps://www.ietf.org/rfc/rfc4556.tx | You must have your non-compliant devices updated and compliant, or replaced by July 19, 2022, when the temporary mitigation will not be usable in security updates.
Additional information: It is important to ensure that you have your non-compliant devices updated and compliant or replaced. Review the below documentation KB5005408: Smart card authentication might cause print and scan failures. CVE-2021-33764: Windows Key Distribution Center Information Disclosure Vulnerability RFC 4556 specification https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33764 https://support.microsoft.com/topic/kb5005408-smart-card-authentication-might-cause-print-and-scan-failures-514f0bc5-ecde-4e5e-8c5a-2a776d7fb89a https://www.ietf.org/rfc/rfc4556.txt |
| 2022-08-27 | MC prepare | You must have your non-compliant devices updated and compliant, or replaced by July 19, 2022, when the temporary mitigation will not be usable in security updates.
Additional information: It is important to ensure that you have your non-compliant devices updated and compliant or replaced. Review the below documentation KB5005408: Smart card authentication might cause print and scan failures. CVE-2021-33764: Windows Key Distribution Center Information Disclosure Vulnerability RFC 4556 specification https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33764 https://support.microsoft.com/topic/kb5005408-smart-card-authentication-might-cause-print-and-scan-failures-514f0bc5-ecde-4e5e-8c5a-2a776d7fb89a https://www.ietf.org/rfc/rfc4556.txt | You must have your non-compliant devices updated and compliant, or replaced by July 19, 2022, when the temporary mitigation will not be usable in security updates.
Additional information: It is important to ensure that you have your non-compliant devices updated and compliant or replaced. Review the below documentation KB5005408: Smart card authentication might cause print and scan failures. CVE-2021-33764: Windows Key Distribution Center Information Disclosure Vulnerability RFC 4556 specification ps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33764 ps://support.microsoft.com/topic/kb5005408-smart-card-authentication-might-cause-print-and-scan-failures-514f0bc5-ecde-4e5e-8c5a-2a776d7fb89 ps://www.ietf.org/rfc/rfc4556.tx |
| 2022-07-15 | MC Messages | On July 13, 2021, Microsoft released hardening changes for Windows Key Distribution Center Information Disclosure Vulnerability, CVE-2021-33764. With these changes, smart card (PIV) authentication might cause print and scan failures when you install updates released on July 13, 2021, or later versions on a domain controller (DC). The affected devices are smart card authenticating printers, scanners, and multifunction devices that don’t support either Diffie-Hellman (DH) for key exchange during PKINIT Kerberos authentication or don’t advertise support for des-ede3-cbc ("triple DES”) during the Kerberos AS request.
A temporary mitigation, released in Windows Updates between July 29, 2021, and July 12, 2022, was made available for organizations that encountered this issue and couldn't bring devices into compliance as required for CVE-2021-33764. However, starting in July 2022, this temporary mitigation will not be usable in security updates. The Windows July 2022 preview update will remove the temporary mitigation and will require compliant printing and scanning devices. As of July 19, 2022, there will be no further fallback option in later updates, and all non-compliant devices must be identified using the audit events starting in January 2022 and updated or replaced by the mitigation removal. To learn more, see KB5005408: Smart card authentication might cause print and scan failures. | On July 13, 2021, Microsoft released hardening changes for Windows Key Distribution Center Information Disclosure Vulnerability, CVE-2021-33764. With these changes, smart card (PIV) authentication might cause print and scan failures when you install updates released on July 13, 2021, or later versions on a domain controller (DC). The affected devices are smart card authenticating printers, scanners, and multifunction devices that don’t support either Diffie-Hellman (DH) for key exchange during PKINIT Kerberos authentication or don’t advertise support for des-ede3-cbc ("triple DES”) during the Kerberos AS request.
A temporary mitigation, released in Windows Updates between July 29, 2021, and July 12, 2022, was made available for organizations that encountered this issue and couldn't bring devices into compliance as required for CVE-2021-33764. However, starting in July 2022, this temporary mitigation will not be usable in security updates. The Windows July 2022 preview update will remove the temporary mitigation and will require compliant printing and scanning devices. When will this happen: All non-compliant devices must be identified using the audit events starting January 2022 and updated or replaced by the mitigation removal starting on July 19, 2022. Refer to the timeline below to understand the last hardening changes for CVE-2021-33764. July 19, 2022: Optional preview update release to remove temporary mitigation to require compliant printing and scanning devices in your environment on Windows Server 2019. August 9, 2022: All updates released on this day or later will be unable to use the temporary mitigation on Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, Windows Server 2008 SP2. |
| 2022-07-15 | MC How Affect | All temporary mitigation for this scenario will be removed on July 19, 2022, and August 9, 2022, depending on the version of Windows that you are using. There will be no further fallback option in later updates.
After July 2022, devices which are not compliant with the RFC 4456 specification and CVE-2021-33764 will not be usable with an updated Windows device. | |
| 2022-07-15 | MC Start Time | 07/13/2022 23:22:19 | 2022-07-15T03:28:36Z |
| 2022-07-15 | MC Last Updated | 07/13/2022 23:25:21 | 2022-07-15T03:28:37Z |
| 2022-07-15 | MC prepare | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33764
https://support.microsoft.com/en-us/topic/kb5005408-smart-card-authentication-might-cause-print-and-scan-failures-514f0bc5-ecde-4e5e-8c5a-2a776d7fb89a | You must have your non-compliant devices updated and compliant, or replaced by July 19, 2022, when the temporary mitigation will not be usable in security updates.
Additional information: It is important to ensure that you have your non-compliant devices updated and compliant or replaced. Review the below documentation KB5005408: Smart card authentication might cause print and scan failures. CVE-2021-33764: Windows Key Distribution Center Information Disclosure Vulnerability RFC 4556 specification https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33764 https://support.microsoft.com/topic/kb5005408-smart-card-authentication-might-cause-print-and-scan-failures-514f0bc5-ecde-4e5e-8c5a-2a776d7fb89a https://www.ietf.org/rfc/rfc4556.txt |
*starting April 2022
Last updated 9 months ago
