Patch Tuesday recap: This month, an ‘Ides of March’ update?

While this month’s security updates weren’t released exactly on the Ides of March, they certainly caused disruption for many users. (For those not into history or Shakespeare, the Ides of March — March 15, 44 BC — is famous as the day Julius Caesar was assassinated.) Microsoft’s March 9 patch release brought more bumpiness and issues than I can remember in a long time. Perhaps we should reassign the date for this year’s Ides of March to March 9 as an unofficial acknowledgment.

As I alluded to last week, this month was bumpy in terms of patching side effects. Here’s what we know: The March updates included fixes for printing that triggered blue screens of death on computers when users tried to print. Dymo label printers (and other bar code or graphical printers) were left printing out blank labels. Larger business-style multifunction printers saw issues, especially with an older PCL 3 or PCL 4 style driver. Ricoh and Kyocera users reported the most issues. (One workaround: use a generic PCL 6 driver instead, though you might lose some functions.) Any Kyocera printers that use the KX driver are affected, as are some Okidata, NiceLabel, and point-of-sale system printers from applications called BarTender.

For many, the Dymo label printer issue is the worst. I have HP, Brother, and Lexmark printers and have not seen issues with the March 9 base security updates for Windows 10, 8.1, or Windows 7. First, I recommend installing the updates released on Patch Tuesday and, once your system reboots, testing your printing functions. If you run into problems, you have two choices:

Option 1: Uninstall the update and pause the installation of updates until April. For those running Windows 10, click on Start, Settings, Update and security, then click on View update history, click on Uninstall update, find the KB and click on it. The system will uninstall the update and roll itself back to the February patches. Now pause updates by clicking on Start, Settings, Update and security, Windows update, Advanced options, and pick a new date. You can view a video of this process on the Askwoody channel.

Option 2: Pick the latest (March 18) updates and install those. There are two ways to find the right one for your system: The optional update should be offered to you if you go to the Windows update section of your computer; if it isn’t, you can also go to the catalog site. I go to the Windows 10 update history site and find the version of Windows I am running. Then I look for the patches dated March 18 to find the patch number I need, go to the catalog site, and search for it. Then you can click on the link offered up and install it. Reboot and see if printing works. If not, uninstall the update (as noted above) and pause until April. Note: since Windows 10 updates are cumulative, you need only install the latest March 18 release, not the one from March 15.

For Windows 10 2004 or 20H2 you should skip the March 9 updates and jump over to the March 18 update for KB5001649. It should be offered up to you as an optional update, or you can download it from the catalog site. (For Windows 10 1909, you need KB5001648; it should also be offered up as an optional update if you go to the Windows update interface or you can download it from the catalog site.)
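To confirm which of the two fixes applies to a machine and whether it is already installed, the check can be scripted. This is an added example, not part of the original article; the version-to-KB table contains only the pairs named above, and the function and property names are illustrative.

```powershell
# Added example: maps the Windows 10 versions named in the article to the
# March 18 KB given for each, then checks whether that KB is installed.
$March18Fix = @{
    '1909' = 'KB5001648'
    '2004' = 'KB5001649'
    '20H2' = 'KB5001649'
}

function Get-Win10Version {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    # 20H2 exposes DisplayVersion; 1909 and 2004 only carry ReleaseId.
    if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }
}

function Get-March18FixStatus {
    $version = Get-Win10Version
    $kb      = if ($version) { $March18Fix[$version] }   # $null for other versions
    $since   = [datetime]::new(2021, 3, 9)               # the March 9 release date

    # Everything installed since March 9, so the update to roll back is easy to spot.
    $recent = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $since } |
        Sort-Object InstalledOn |
        ForEach-Object { '{0} ({1:yyyy-MM-dd})' -f $_.HotFixID, $_.InstalledOn }

    $installed = $null
    if ($kb) {
        # Get-HotFix writes an error when the KB is absent; suppress it and test the result.
        $installed = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
    }

    [pscustomobject]@{
        Windows10Version   = $version
        March18FixKB       = if ($kb) { $kb } else { 'not listed in the article' }
        FixInstalled       = $installed
        InstalledSinceMar9 = $recent -join ', '
    }
}

Get-March18FixStatus | Format-List
```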

It appears that the underlying issues triggered by these updates are caused by Microsoft attempting to fix a privilege escalation bug. As noted in the bulletins: “Addresses an elevation of privilege security vulnerability documented in CVE-2021-1640 related to print jobs submitted to “FILE:” ports. After installing Windows updates from March 9, 2021 and later, print jobs that are in a pending state before restarting the print spooler service or restarting the OS will remain in an error state. Manually delete the affected print jobs and resubmit them to the print queue when the print spooler service is online.”

Last June, Microsoft fixed a similar issue and I had issues printing to my Ricoh printers. Back then there were no “fixing” patches; I had to redeploy printer drivers and share them back out to all of the workstations. In a business setting, this process is cumbersome and disruptive, and I often find myself having to go back and tweak settings that I had forgotten, such as turning off dual-sided printing (which we don’t use as a default in my firm).

If you were affected by these updates, I would take this as a sign that you need to find a newer printer driver from your vendor. Like the mandatory updates for video drivers that Windows 10 demands, printers can be an entry point for attackers. Elevation-of-privilege bugs are not as critical as remote-code attacks, but when attackers can send out phishing emails and trick you into clicking on something, or when zero-day browser vulnerabilities can be bundled with these bugs, it’s important to deal with them.

I look for new printer drivers by going to the vendor’s site and putting in the version number of the printer I use. I then look for the exact model and try to find a driver that is simply a printer driver and does not include notifications that my print cartridges are low, or any other software that may slow down my system. Look for a driver date in the last few years, if you can. (If your printer is older, you may have to install a generic driver rather than one specific for your machine.) If you take time now to review what printer driver you have, and update accordingly, you’ll be safer and less likely to run into patching issues in the future.
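The driver review described above can start from an inventory of what is installed and how old it is. This is an added example, not from the original article: it reads each driver's date from the `DriverVer` line of its INF file, and the three-year cutoff is an assumption standing in for "the last few years".

```powershell
# Added example. Uses the PrintManagement cmdlets (Windows 8 / Server 2012 and later).
$MaxAgeYears = 3   # assumption: the article says only "the last few years"

function Get-InfDriverDate([string]$InfPath) {
    # Older drivers that are not package-aware may have no INF path recorded.
    if (-not $InfPath -or -not (Test-Path -LiteralPath $InfPath)) { return $null }
    # INF syntax: DriverVer = mm/dd/yyyy[,w.x.y.z]
    $hit = Select-String -LiteralPath $InfPath `
               -Pattern '^\s*DriverVer\s*=\s*(\d{1,2})/(\d{1,2})/(\d{4})' |
           Select-Object -First 1
    if (-not $hit) { return $null }
    $g = $hit.Matches[0].Groups
    [datetime]::new([int]$g[3].Value, [int]$g[1].Value, [int]$g[2].Value)
}

function Get-PrinterDriverReport {
    $cutoff = (Get-Date).AddYears(-$MaxAgeYears)

    # Which print queues depend on each driver.
    $queuesByDriver = @{}
    Get-Printer | ForEach-Object { $queuesByDriver[$_.DriverName] += @($_.Name) }

    foreach ($driver in Get-PrinterDriver) {
        $date = Get-InfDriverDate $driver.InfPath
        [pscustomobject]@{
            Driver       = $driver.Name
            Manufacturer = $driver.Manufacturer
            DriverDate   = $date
            UsedBy       = $queuesByDriver[$driver.Name] -join ', '
            Review       = if (-not $date)          { 'date unknown, check vendor site' }
                           elseif ($date -lt $cutoff) { 'older than cutoff, look for update' }
                           else                       { 'recent' }
        }
    }
}

Get-PrinterDriverReport | Sort-Object DriverDate | Format-Table -AutoSize
```

Drivers reported with an unknown date are the ones to check by hand against the vendor's download page.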

Microsoft did not make this March patching season easy. Let’s hope April brings us a nice, quiet, boring, headline-free patch day. As always, join us on Askwoody if you need more help or guidance installing updates.