A Windows security update released in January and now fully enforced this month is causing Windows users to experience 0x0000011b errors when printing to network printers.
In January 2021, Microsoft released a security update to fix a ‘Windows Print Spooler Spoofing Vulnerability’ tracked as CVE-2021-1678.
« A security bypass vulnerability exists in the way the Printer Remote Procedure Call (RPC) binding handles authentication for the remote Winspool interface, » explains a support bulletin about the vulnerability.
When the security update was released, it did not automatically protect devices from the vulnerability. However, it did add a new Registry key that admins could use to increase the RPC authentication level used for network printing to mitigate the vulnerability.
In other words, this security update did not fix any vulnerability unless a Windows administrator created the following Registry key:
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print] « RpcAuthnLevelPrivacyEnabled »=dword:00000001
However, in this month’s September 14th Patch Tuesday security updates, Microsoft automatically enabled this setting by default for every Windows device even if that Registry setting was not created.
Once this mitigation was enabled by default, Windows users began experiencing 0x0000011b errors when printing to network printers.
This printing error is mainly seen in small business and home networks that can’t take advantage of a Kerberos setup on a Windows domain.
Uninstalling September’s Windows security updates will fix the problem, but now the devices will be vulnerable to two vulnerabilities, PrintNightmare and MSHTML, actively exploited by threat actors.
A better method is to disable the mitigation for CVE-2021-1678 until Microsoft comes out with new guidance, as that vulnerability is not actively exploited.