Fix 1:

The particular part of KB5005613 that seemed to be causing us the problems with Windows 7 clients is related to CVE-2021-1678, which is similar to but not exactly the same as the PrintNightmare vulnerabilities described in CVE-2021-1675 and CVE-2021-34527. The September server updates apparently require more elevated RPC privileges for *printing* documents (rather than installing drivers).  This is something of a time bomb with code that was implemented in January 2021 updates but not turned on by default until September:

https://support.microsoft.com/en-us/topic/managing-deployment-of-printer-rpc-binding-changes-for-cve-2021-1678-kb4599464-12a69652-30b9-3d61-d9f7-7201623a8b25

Unfortunately, Windows 7 cannot receive the necessary update unless one subscribes to the extended security updates after January 2020.  Windows 10 and 8.1 clients patched after January 12, 2021, should be okay.  The following registry key may be changed on the server to revert the previous default behavior (note this basically negates the patch for CVE-2021-1678):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print

Add new DWORD VALUE (32-bit):RpcAuthnLevelPrivacyEnabled

Value:0

In my limited testing, this appears to require a restart to take effect.  I believe this affects all supported versions of Windows Server if using Windows 7 or Windows 8 clients.

I’ve now reinstalled KB5005613 on both of our print servers.