Hackers put to use 16 years old Security Bug impacting millions of HP, Samsung, Xerox Printers
A 16-year-old security vulnerability affecting Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver software. As per the researchers, some HP, Xerox, and Samsung printer models contained vulnerable driver software, sold worldwide since 2005. Hundreds of millions of printers have been released worldwide to date with the vulnerable driver in question. The buggy driver automatically gets installed with the printer software and will be loaded by Windows after each system reboot. This makes the driver a perfect candidate to target since it will always be loaded on the machine even if there is no printer connected, the researchers said. The security flaw dubbed as CVE-2021-3438 is a buffer overflow in the SSPORT.SYS driver for specific printer models that could lead to a local escalation of user privileges.
The researchers at SentinelOne discovered that the buggy driver automatically gets installed with the printer software and will be loaded by Windows after each system reboot. This makes it the perfect target for attackers who need an easy way to escalate privileges, as it is easy to abuse the bug even when the printer is not connected to the targeted device.
For successful exploitation of this, local user access is required which means that threat actors will need to first get a foothold on the targeted devices. Once they get this, they can abuse the security bug to escalate privileges in low complexity attacks without requiring user interaction.
The researchers stated that successfully exploiting a driver vulnerability might allow attackers to potentially install programs, view, change, encrypt or delete data, or create new accounts with full user rights.
As there is no evidence of this vulnerability being exploited in the wild, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will look for those that do not take the appropriate action.
HP, Xerox, and Samsung enterprise and home customers are urged to apply the patches provided by the two vendors as soon as possible. As this driver comes with Microsoft Windows via Windows Update, some Windows machines may already have this driver without even running a dedicated installation file.
Tally Solutions intros latest version of TallyPrime
Tally Solutions introduced the latest version of TallyPrime- a convenient one-stop solutio...
CoRover launches Human Centric Conversational AI Platform app on Finastra's FusionFabric.cloud
CoRover, the world’s first human-centric conversational AI company offering chatbots...
Trend Micro announces 'Partner Ninja' Program for Channels at the Partner Day 2021
Trend Micro Incorporated recently held its virtual regional partner conference, Partn...
The post-pandemic world reshaping the security challenges
Plus, there are many advantages in storing data centrally and off-premise when it comes...
Dreamforce Everywhere: Salesforce Announces the First Global Dreamforce
Salesforce (NYSE: CRM), the global leader in CRM, today announced the first-ever global Dr...