ISSUE 18.37.1 • 2021-09-28

By Susan Bradley

Printing or security — you decide

We’re back to reasonable levels of safety and of understanding the nature of recent updates, so I’m recommending the resumption of update installation — but not without some major caveats. Sadly, there are still some side effects with printing, which is getting to be an annoying trend. It’s been months now.

These updates also include new and expanded categories plus registry keys that allow you to officially defer Windows 11 and then choose to push off the upcoming 21H2 release. More about that later.

I haven’t seen printing problems with directly attached printers, the most likely scenario for home users. Therefore, I recommend applying the September updates now. The reason is that this month’s updates include expanded sections to choose various versions of Windows 10 or Windows 11 and specifically block what you don’t want.

For those of you on Windows 10 Professional, after installing the September updates you’ll be able to click on the search box and type in “edit group policy.” Next, scroll down to Computer Configuration, Administrative Templates, Windows Components, Windows Update, and Windows Update for Business. Find the setting for Select the target Feature Update version. Click on Enabled, fill in the product version in the first box (“Windows 10”), and then the feature release version you want to keep.

Of course, Windows 10 Home can’t do group policy. Instead, use registry keys to defer Windows 11 and stay on the version of Windows 10 you want. You’ll be adding a value under

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

Manually add the values “TargetReleaseVersion”=dword:00000001, “ProductVersion”=”Windows 10”, and “TargetReleaseVersionInfo”=”21H1”.

I’ve made it easier for you by including links to download these registry keys. If you want to stay on 21H1, click on this link and install it on your system. If you plan to let your machine upgrade to 21H2, click on this link. And if you leave the setting alone and do nothing, and your computer does not have the hardware capabilities for Windows 11, you will not be offered the upgrade. If you do have hardware that can handle Windows 11, you’ll be offered — but not pushed to — Windows 11.

First the good news: Microsoft has finally acknowledged what we’ve known for weeks now — its updates trigger issues if your users do not have administrator rights. The bad news is that it hasn’t yet acknowledged the issues we’ve seen this month, nor are any fixes planned. Microsoft will only urge us to

Verify that you are using the latest drivers for all your printing devices and where possible, use the same version of the print driver on the print client and print server.

Microsoft indicates that the trigger is

… caused by a print driver on the print client and the print server using the same filename, but the server has a newer version of the file.

But here’s the problem: We never installed a newer driver on the server. We did nothing but install the software update to the server. I know that many of these notifications are triggered by the use of v3 (older) printer drivers versus v4 printer drivers. If you cannot upgrade to v4 drivers, you have a couple of options to “re-push” out drivers to fix this issue.

Unfortunately, in this era of cumulative updates you can’t break out the parts of the update you want from the parts you don’t want. So if you don’t install this update this month, you put your business at risk from MSHTML-based ransomware attacks (CVE-2021-40444).  If you make the decision to not install these updates, make sure you use the registry keys I wrote about earlier to block the MSHTML vulnerabilities. Don’t go unpatched and unprotected.

References

Read the full story in the AskWoody Plus Alert 18.37.1 (2021-09-28).