check before: 2022-08-04
Product:
SharePoint, Universal Print, Windows, Windows Server
Platform:
World tenant, Online
Status:
Change type:
Admin impact
Links:
Details:
As previously announced, Microsoft released hardening changes for CVE-2021-33764 in Windows updates starting on July 13, 2021. When these updates are installed on a domain controller (DC), smart card (PIV) authentication might cause print and scan failures. The affected devices are smart card authenticating printers, scanners, and multifunction devices that don’t support either Diffie-Hellman (DH) for key exchange during PKINIT Kerberos authentication or don’t advertise support for des-ede3-cbc ("triple DES”) during the Kerberos AS request.
A temporary mitigation, released in Windows Updates between July 29, 2021, and July 12, 2022, was made available for organizations that encountered this issue and couldn't bring devices into compliance as required for CVE-2021-33764. However, starting on July 21, 2022, this temporary mitigation will not be usable in security updates. The Windows July 2022 preview update will remove the temporary mitigation and will require compliant printing and scanning devices
When will this happen:
Refer to the below timeline to understand the progressive hardening coming:
July 21, 2022: Optional preview update released for Windows Server 2019 will remove temporary mitigation and will require compliant printing and scanning devices in your environment.
August 9, 2022: All updates released on this day or later will be unable to use the temporary mitigation. This applies to: Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2022-07-22
updated:
2022-08-27
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
** AI generated content. This information is not reliable.
the free basic plan is required to see all details. Sign up here
change history
| Date | Property | old | new |
| 2022-09-15 | MC prepare | You must have your devices updated and compliant with this hardening, or replaced by July 21, 2022, when the temporary mitigation will not be usable in security updates.
Additional information: Review the below documentation KB5005408: Smart card authentication might cause print and scan failures. CVE-2021-33764: Windows Key Distribution Center Information Disclosure Vulnerability RFC 4556 specification ps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33764 ps://support.microsoft.com/topic/kb5005408-smart-card-authentication-might-cause-print-and-scan-failures-514f0bc5-ecde-4e5e-8c5a-2a776d7fb89 ps://www.ietf.org/rfc/rfc4556.tx | You must have your devices updated and compliant with this hardening, or replaced by July 21, 2022, when the temporary mitigation will not be usable in security updates.
Additional information: Review the below documentation KB5005408: Smart card authentication might cause print and scan failures. CVE-2021-33764: Windows Key Distribution Center Information Disclosure Vulnerability RFC 4556 specification https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33764 https://support.microsoft.com/topic/kb5005408-smart-card-authentication-might-cause-print-and-scan-failures-514f0bc5-ecde-4e5e-8c5a-2a776d7fb89a https://www.ietf.org/rfc/rfc4556.txt |
| 2022-08-27 | MC prepare | You must have your devices updated and compliant with this hardening, or replaced by July 21, 2022, when the temporary mitigation will not be usable in security updates.
Additional information: Review the below documentation KB5005408: Smart card authentication might cause print and scan failures. CVE-2021-33764: Windows Key Distribution Center Information Disclosure Vulnerability RFC 4556 specification https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33764 https://support.microsoft.com/topic/kb5005408-smart-card-authentication-might-cause-print-and-scan-failures-514f0bc5-ecde-4e5e-8c5a-2a776d7fb89a https://www.ietf.org/rfc/rfc4556.txt | You must have your devices updated and compliant with this hardening, or replaced by July 21, 2022, when the temporary mitigation will not be usable in security updates.
Additional information: Review the below documentation KB5005408: Smart card authentication might cause print and scan failures. CVE-2021-33764: Windows Key Distribution Center Information Disclosure Vulnerability RFC 4556 specification ps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33764 ps://support.microsoft.com/topic/kb5005408-smart-card-authentication-might-cause-print-and-scan-failures-514f0bc5-ecde-4e5e-8c5a-2a776d7fb89 ps://www.ietf.org/rfc/rfc4556.tx |
Last updated 1 year ago ago
