Full Report
Microsoft says that some USB printers will start printing random text after installing Windows updates released since late January 2025. [...]
Analysis Summary
# Vulnerability: Unintended USB Printer Output After Windows Updates
## CVE Details
- CVE ID: Not explicitly provided in the text; this is a known issue/bug introduced by an update, not a traditional CVE-tracked security vulnerability.
- CVSS Score: N/A (Described as a functional defect/issue)
- CWE: N/A
## Affected Systems
- Products: Microsoft Windows Operating Systems (Specific versions noted below)
- Versions: Windows 10 (20H2, 21H1, 21H2, 22H2) and Windows 11 (22H2).
- Configurations: Systems utilizing USB attached printers after receiving recent, non-security related Windows updates. The issue occurs when the print spooler sends IPP protocol messages to the printer while the corresponding printer driver is installed.
## Vulnerability Description
Recent Microsoft Windows updates have introduced a functional defect causing USB printers to unexpectedly print random text. This behavior is triggered when the Windows print spooler sends **IPP (Internet Printing Protocol) messages** to the connected USB printer, provided the necessary printer driver is installed on the Windows device.
## Exploitation
- Status: Not applicable (This is a functional bug, not a security exploit, although it causes unauthorized output).
- Complexity: Low (Triggered by standard system operation).
- Attack Vector: Local (Requires the system to be running the affected update and have a USB printer connected).
## Impact
- Confidentiality: Potential (Unintended printing of sensitive data if a print job is pending or data is cached by the spooler).
- Integrity: Low (Output is random text, rather than malicious modification of files).
- Availability: Negligible (Wastes paper/toner).
## Remediation
### Patches
Microsoft has resolved this issue via **Known Issue Rollback (KIR)**, which reverses flawed non-security updates. The fix will also roll out automatically via a future standard Windows update.
To manually deploy the KIR on enterprise-managed devices, IT admins must install and apply the following specific KIR Group Policies:
* **Windows 11 22H2:** KB5050092 (250131\_150523 Known Issue Rollback)
* **Windows 10 (20H2, 21H1, 21H2, 22H2):** KB5050081 (250131\_082569 Known Issue Rollback)
### Workarounds
None explicitly detailed beyond applying the KIR policies, as Microsoft indicates the issue is resolved via KIR deployment or automatic future update.
## Detection
- Indicators of compromise: Unexpected printing from USB printers immediately following system operation or interaction with printing functions.
- Detection methods and tools: Monitoring print spooler logs for unusual outbound IPP traffic patterns to local USB endpoints, or observing random text output on connected printers.
## References
- Vendor advisories: Microsoft (Issue resolution via Known Issue Rollback)
- Relevant links - defanged:
- bleepingcomputer com/news/microsoft/microsoft-usb-printers-print-random-text-after-recent-windows-updates/
- download microsoft com/download/6b7f9844-abc3-4dd3-850f-71625f74226c/Windows%2011%2022H2%20KB5050092%20250131_150523%20Known%20Issue%20Rollback
- download microsoft com/download/fb33112d-c15b-4a6e-ab46-b83106c14484/Windows%2010%2020H2,%2021H1,%2021H2%20and%2022H2%20KB5050081%20250131_082569%20Known%20Issue%20Rollback
- docs microsoft com/en-us/troubleshoot/windows-client/group-policy/use-group-policy-to-deploy-known-issue-rollback