A quick reminder that as of August 9, 2022, the security Windows updates removes all temporary mitigation released to all Windows updates between July 27, 2021 and July 26, 2022 for smart card authenticating printers, scanners, and multifunction devices that don’t support either:
- Diffie-Hellman (DH) for key exchange during PKINIT Kerberos authentication,
- Or, don’t advertise support for des-ede3-cbc ("triple DES”) during the Kerberos AS request
Without this mitigation, smart card authentication (PIV) might fail on non-compliant devices and cause print and scan failures. Firmware on Smartcard-authenticating printers and scanners must be compatible with section 3.2.1 of the RFC 4556 specification required for CVE-2021-33764 prior to installing Windows updates released on August 9, 2022 or later on Active Directory domain controllers.
Go to KB5005408: Smart card authentication might cause print and scan failures for more information.