Microsoft responds to PrintNightmare by making life that little bit harder for admins Microsoft appears intent on turning the print spooler remote code execution vulnerability known as "PrintNightmare" into an AdminNightmare, judging by its latest mitigation, which requires administrator privileges for Point and Print driver installation and update. As a reminder (if one were needed), PrintNightmare began life …
One Dell printer on my network, a C2660, was also presenting itself as being fussy on Win10 systems.
Windows 10, at a "fundamental" level, wasn't the problem. The printer, wasn't the problem. The problem was that Microsoft choose to default to its standard, modular printer driver.
Delete the printer and re-install manually by selecting "The printer that I want wasn't listed" after it auto-searches in the Add Printer dialog. Then configure your printer using the exact specified driver for the printer model, not the default Microsoft-sourced one (if you do not have it, get it from the manufacturer direct).
Solved all my problems. Yes, I had to roll out this fix to all affected computers but it was worth the end of the flaky operations.
To replace her HP printer when it died, hoping it would be less troublesome on Windows. To the contrary, it has been more troublesome.
So I think it is Windows that's the problem. I mean, I've had HP printers at home for many years and they've been trouble free (other than ink cartridges drying out from lack of use) on my Linux PC...
I've got a fairly modern (last year model) HP laser MFD, and a slightly older Brother printer. The HP replaced another 15 year old higher-end HP inkjet that was getting too expensive to run.
All networked and all have continuously just worked on our Ubuntu and Mac machines - plug and play.
Only printer issues we ever have are running out of paper/ink/toner.
"... that meant that we didn't need per-printer drivers"
It's in the interest of both printer manufacturers (for brand lock in) and OS vendors (to facilitate churn) that printer drivers are proprietary and versioned.
This is about revenue not printing. Essentially the entire IT industry now considers itself more important (to itself) than the users of its products.
However I do feel that rather than applying a sticking plaster by elevating the rights needed to control a flawed service, NS might have taken the trouble to fix the bug in the service.
>It's in the interest of both printer manufacturers (for brand lock in) and OS vendors (to facilitate churn) that printer drivers are proprietary and versioned.
I would agree this is probably the case with the well known consumer brands. However, enter the world of business-grade printers from Ricoh, Oki, Kyocera, etc.and these will all use a standard PS/PDF driver. Obviously, if you want a fancy printer then only the OEM's driver will let you get access to the full feature set.
Having had to wrangle business grade printers and printer management software from Canon, Ricoh and HP over the years I would say they are all archiac crap.
The sooner we all mange to actualy fulfill Wangs promise from the 70s of a paperless office the better everyones life will be.
The only thing more archaic than printers is warehouse managemnet software, you will have conversations like
"What about OS patching?"
"We don't test OS patches or support doing that it you need to do that that in your Dev environment"
"What? Test in that spare warehouse over there where we can do unlimited testing of patches (for you) to make sure it doesn't break your shite code you can't even be arsed to sign let alone test?"
That would be PCL5e if driving the traditional herd of Heaving Packhorses in the corporate Windows space. To hell with whatever the badge says on the hardware.
Allowing end users to install some driver they found on the internet is hardly a recipe for system stability, is it? I don't know why some IT teams put up with it.
Salesperson, we want a standard driver. One that runs anything we are likely to order from your brochure. Here, we've ticked them for you. If anyone wants to call off anything else from your product range, speak to us first because accounts payable have /very/ strict instructions.
Naturally we're talking exclusivity. Here's an inventory giving you some idea of the size of the existing estate. Still interested? Good. Sign here, please, in blood.
You've already got it.
Get a printer with IPP or IPPS (most network connected printers these days), and you effectively send a PDF file to the printer, and it sorts out how to lay it down on the paper.
I know PostScript was a predecessor to this, and I was using PS back in the 1980's from UNIX systems (and that PDF is essentially PS on steroids), but the industry appears to have standardized on PDF now.
"(and that PDF is essentially PS on steroids)"
It's the reverse; it's neutered so it isn't Turing complete. (Postscript is a dialect of Forth.) And then it bundles everything into one file archive. Although, yes, it adds in some modern standards (jpg, zip and ttf).
If its good enough for professional printing, I can't see why a desktop printer can't handle it.
There have been a number of years where MS have been quite on top of patching, but with the mandatory bundles of security fixes changes, and trialing fixes on the section of the user base stupid enough to run the leading edge version I do wonder if this is going to worsen.
Certainly making plans to move even more personal stuff off Windows
I think it is time for another reckoning.
If printers don’t support IPP+, AirPrint, direct PostScript submissions or other driverless printing mechanisms... just drop support. There should be no need for specialised drivers for common printing functionality in 2021. Ditto for scanning. In fact, Microsoft should go whole hog and just turn Print Spooler into a stub for performing server-side print rendering support and handling legacy APIs in a graceful, unprivileged manner. Why oh why does it need SYSTEM privileges still? NT allows for granular ACLs for device objects, so it’s a joke that it hasn’t been sandboxed already even with the legacy cruft!
That's fine until you have a specialist printer that may be either old, or difficult to replace, and they've pulled support for putting drivers into the print system (I remember when you had to format prints for the correct printer before sending it to the spooler, like we had to do with troff, LaTeX etc.). DOS used to have the same sort of problem, remember configuring your word processor or spreadsheet to use a particular print format in it's configuration file?
But even going back to these bad old days would not be possible if you no longer support raw print streams.
Get ready for it. The CUPS developers have already said that in their opinion, IPP will be the only way to go.
And the next step will be that the printer needs to be permanently connected to the Internet to print because the job is uploaded to a cloud service, processed then sent back to the printer to be rendered.
Many consumer printers already talk to vendor services on the Internet to "improve the consumer experience" so it is not really a big step to do this. So much stuff now expects to have an Internet connection just to work, regardless of whether it adds value (it usually doesn't) the whole thing is a total nightmare.
A lot of this is driven by the consumer wanting to print pictures of babies and kittens at any time, any place and any device. The real trouble starts when it merges into the corporate space. Now with all the working from home stuff this is going to start becoming blurred.
Does that mean Apple are actually going to give CUPS some attention? Its hardly been touched in a while. My print nightmares are all related to a networked [via CUPS] HP laser printer running native drivers from a Windows 10 machine.
Yes its USB only, yes its old, but the printer is fine. Why do I have to put a perfectly good device into the nightmare that is electronics recycling for no good reason?
Everything else *JUST WORKS*, even the HP inkjet, but getting this laser printer working? NAH. NIET, not a chance.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
