“After installing updates released July 13, 2021 on domain controllers (DCs) in your environment, printers, scanners, and multifunction devices that are not compliant with section 3.2.1 of RFC 4556 spec might fail to print when using smart card (PIV) authentication,” shared Microsoft as it listed the issues that plague the latest Windows 10 release, version 21H1.
Microsoft explains that the issue only affects devices that support smart card authentication. Furthermore, it only manifests itself on devices that don’t support the Diffie–Hellman key or advertise support for triple DES (des-ede3-cbc) during the Kerberos Authentication Service (AS) request.
Throwing the rulebook at such devices, Microsoft suggests that section 3.2.1 of RFC 4556 spec clearly states that compliant smart card devices either use DH for key-exchange, or support and notify the Kerberos Domain Controller (KDC) of their support for triple DES.
The software gian advises Windows 10 users who encounter this issue to first ensure they are using the latest drivers and firmware on the affected printing and scanning devices.
If updating the drivers and firmware doesn’t work, Microsoft suggests users to contact the device manufacturers to implement changes to make the devices compliant with CVE-2021-33764.
Meanwhile, Microsoft says it is working on a temporary mitigation, adding that the affected devices should work without issues when using the traditional username and password authentication.