Microsoft Windows Protected Printing

Microsoft is introducing a new XPS-based printing system to eliminate print drivers and the associated vulnerabilities.

Since the early days of Windows, Microsoft have allowed the easy, silent distribution and installation of print drivers written by printer hardware manufacturers and others. To make this possible, very powerful system-level permissions are inherently granted to the Windows printing subsystem, the Windows Print Spooler, and these were eventually exploited by bad actors, most famously with the “PrintNightmare” attack.

In response, Microsoft have gone beyond patching and are introducing “Windows Protected Printing” to offer a print-driver-free printing system, built around generic embedded Type 4 class drivers. This will provide a secure environment in the sense that it will remove the ability to install a custom-written print driver, and the associated potential for exploitation.

This will of course take time to become common, and is optional for the foreseeable future, but at present:

  1. Switching on the option is a one-way trip, being irreversible.
  2. Hardware manufacturers will need time to respond.
  3. Legacy hardware may not support the new print system, and if it doesn’t, it probably never will.
  4. Printing is going to be based on Type 4 XPS drivers only.
  5. Type 3 drivers will not work, meaning older printers may no longer be usable.
  6. Printer functionality may become more limited, depending upon hardware manufacturer support.
  7. Formate eVo print output is already XPS-based, but virtual printers are unlikely to work.
  8. Some legacy ERP systems may be unable to print to a Windows shared printer any more.
  9. Sending “code” such as ZPL directly to a thermal printer via a driver may be impossible.

Please speak to us before switching on Windows Protected Printing on a server hosting eVo.

As our understanding will evolve over the coming 12-24 months, the above should be viewed as simply our initial view. It may not be 100% accurate, and is intended only to raise awareness and prompt consideration at this point, not to be definitive.
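
The driver-type points in the list above can be checked on a print server before Windows Protected Printing is considered. The following is an added example, not code from Formate or Microsoft; it assumes the built-in PrintManagement cmdlets Get-Printer and Get-PrinterDriver are available and only reads the existing configuration.

```powershell
# Added example: inventory print queues by driver type (Type 3 vs Type 4).
# Read-only; run in a PowerShell session on the print server.

# Map driver name -> driver object. MajorVersion is 3 for Type 3, 4 for Type 4.
# If the same name exists for several environments, the last one listed wins.
$drivers = @{}
Get-PrinterDriver | ForEach-Object { $drivers[$_.Name] = $_ }

# One row per print queue, joined to its driver.
$report = foreach ($p in Get-Printer) {
    $d    = $drivers[$p.DriverName]
    $type = if ($d) { [int]$d.MajorVersion } else { $null }
    [pscustomobject]@{
        Printer      = $p.Name
        Driver       = $p.DriverName
        DriverType   = $type
        Manufacturer = if ($d) { $d.Manufacturer } else { '' }
        Port         = $p.PortName
        Shared       = $p.Shared
        NeedsReview  = ($type -ne 4)   # Type 3, or driver not found
    }
}

# Queues needing review first, then alphabetical.
$report |
    Sort-Object @{ Expression = 'NeedsReview'; Descending = $true }, Printer |
    Format-Table -AutoSize

# Summary: how many queues depend on something other than a Type 4 driver,
# and how many of those are shared to other hosts.
$atRisk = @($report | Where-Object { $_.NeedsReview })
$shared = @($atRisk | Where-Object { $_.Shared })
'{0} of {1} print queues use a non-Type 4 driver ({2} of them shared)' -f `
    $atRisk.Count, @($report).Count, $shared.Count

# Type 3 drivers that are installed but not bound to any queue.
$inUse = @($report | ForEach-Object { $_.Driver })
Get-PrinterDriver |
    Where-Object { $_.MajorVersion -eq 3 -and $inUse -notcontains $_.Name } |
    Select-Object Name, Manufacturer, PrinterEnvironment
```

Queues flagged NeedsReview are the ones to raise with the hardware manufacturer or software supplier before any change is made.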

Only first job prints to eVo virtual printer from AS400\iSeries\UNIX

Only the first job prints to the eVo virtual printer from AS400\iSeries\UNIX; further print jobs are held in the host system print queue after installation of MS Update KB5040437 (Server 2022) or KB5040430 (Server 2016).

2024-07 Cumulative Update for Microsoft server operating system, version 22H2 for x64-based Systems (KB5040437)

and equivalent updates for other Windows OS versions

Print problems from AS400 have been reported, but the problem may affect any system, such as UNIX hosts, using Windows LPD (RPM users should not be affected).

The first job prints, then subsequent jobs sit in the AS400 print queue and are not accepted by the Windows server. A restart allows one more job through.

Microsoft acknowledges the problem: LPD Service stops after CVE-2024-38027 – Microsoft Community

This is a native Windows LPD problem, and it seems that rollback is the current fix.

Sending higher volumes of emails via O365 – Update HVE Accounts

High Volume Email for Microsoft 365

As we have reported many times, Microsoft do not allow\want the sending of high volumes of emails through a standard O365 user account, which sometimes makes things difficult with back office systems such as Formate eVo.

To be fair, Microsoft have offered authenticated SMTP as a step forward, but whilst it expands the boundaries, it doesn’t offer a real breakthrough. Microsoft also offer a chargeable Azure Comms service which allows the bulk sending of emails, but it is far from simple:

Overview of Azure Communication Services email – An Azure Communication Services concept article | Microsoft Learn

We ourselves have had good success sending via 3rd party services such as MailGun, or SMTP2GO, and this remains our chosen solution.

However, there might now be another option coming! Microsoft are previewing HVE (High Volume Emailing) accounts.

Public Preview: High Volume Email for Microsoft 365 – Microsoft Community Hub

High Volume Email for Microsoft 365 still has limitations and isn’t universally available at present, but may push the boundaries still further – might be something worth checking out.

Service Release 24.1 (24.1.24088.11215)

New Patch Release – Please see release notes in Dashboard Update Utility.

Headlines:

  1. Updated MS and Google Libraries for oAuth2 Email connections
  2. Reviewer Improvements with large record collections

Microsoft SharePoint – User Poll

Microsoft have announced the final removal of basic authentication to access MS SharePoint libraries and sites. It appears this will affect MS SharePoint provided as part of O365 first, with legacy SharePoint sites being granted a stay until 2026.

At this point, frankly, timelines are a little unclear, but at present we will only support basic authentication, and whilst we will review supporting modern authentication via oAuth, it is by no means certain we will do so.

Please let us know if you use Formate eVo’s MS SharePoint functions, via the support email address or your account manager as your input may affect our decision making. Thanks

Poll will close – 01/05/2024

Service Release 23.6 (23.6.23326.11557)

New Patch Release – Please see release notes in Dashboard Update Utility.

Headlines:

  1. New: Ability to exclude a font when extracting text from a PDF.
  2. Behaviour Change: Tidy up of XML field names when displayed in Layout Text item, text properties
  3. Memory Optimisation.