[German]Microsoft has published the security baseline for Edge version 128 a few days ago. However, administrators should be careful when applying this security baseline. This is because the specifications ensure that users can no longer print because the printer drivers are blocked. Here is some information about the situation.
Security Baseline for Edge Version 128
I noticed it but didn't mention it here in the blog. Microsoft released its security baseline for Microsoft Edge version 128 on September 5, 2024.
The Techcommunity post Security baseline for Microsoft Edge version 128 states that Microsoft has reviewed the settings in the Security Baseline for Microsoft Edge version 128 and updated the guide by adding two settings and removing two settings. The new Microsoft Edge security baseline package has been published in the Download Center and can be downloaded via the Security Compliance Toolkit. The added settings are:
- Dynamic Code Settings: Is intended to prevent potentially risky code from third-party providers from interacting with the browser process. The Arbitrary Code Guard is activated for this purpose. All attempts by third-party software to intervene in Edge after launch fail.
- Enable Application Bound Encryption: This setting links encryption from the local data storage directly to Microsoft Edge. By enforcing this setting, companies are protected against malicious apps (InfoStealers that spy on sensitive data).
Microsoft has already indicated that the change to Dynamic Code Settings could potentially have a negative impact on application compatibility in environments where third-party code is used for accessibility or other purposes. It is recommended to test this change with a subset of users before a broad rollout. Details on the removed entries can be found in the Techcommunity article Security baseline for Microsoft Edge version 128.
Dynamic Code Settings verhindert Drucken
In the comments to the Techcommunity article Security baseline for Microsoft Edge version 128, a user with the alias bheberling_admin wrote: "The settings for Dynamic Code Settings prevent our users from printing on Ricoh printers. The HP printers in our environment are not infected."
German blog reader Heiko H. has also confirmed that the new security baseline for MS Edge 128 is incompatible with (some) printer drivers. Microsoft's recommendation to set the "Dynamic Code Settings" setting to "Prevent the browser process from creating dynamic code" causes problems.
The Microsoft Edge browser then reports "Print failed. Check your printer and try again. Printing failed.". It is also no longer possible to open the print settings of the printer driver in the Edge print dialog, writes Heiko H. In his environment, drivers from Epson and Triumph Adler are affected. Software printer drivers such as PDF printers or Citrix printer redirection continue to work.
The fix for this problem is to set the setting (at least temporarily) to "Default Dynamic Code setting" or not to configure it at all. Perhaps it will help those affected – thanks to Heiko H. for the tip.