SentinelOne researchers have discovered a 16-year old driver bug in various printer models, that’s now affecting millions of devices and users worldwide.
The bug is a privilege escalation issue that needs initial user access, and exploitation of that can grant system admin rights and takeover it ultimately. Patches for this driver bug have been released by affected OEMs, and recommend users to apply it.
Printer Bug Lurking Since 16 Years!
As per SentinelOne report, a driver bug in Windows machines found now puts hundreds of millions of printers, and millions of users at risk.
The vulnerability was in existence since 2005, in most models belonging to HP, Samsung, and Xerox. Tracked as CVE-2021-3438, this bug was given a CVSS score of 8.8, making it significant.
The researchers have explained that a driver named SSPORT.SYS was to be balmed, which come pre-installed in all Windows systems to support the attachable printers (both wired and wireless).
This bug should be treated more seriously since the OS loads it afresh every time the system is rebooted. This makes it a more tempting target for attackers since it doesn’t need a printer to be connected to be exploited.
Exploiting it requires local level access initially, which could then be taken up to Admin level and take over the system in the worst case. Also, researchers warned that attackers can use this bug to chain up with other vulnerabilities, and hit the targets hard.
They can escalate their privileges to a SYSTEM account and run any malicious code in kernel mode to tamper with the target machine. Privilege escalation can lead to,
“Successfully exploiting a driver vulnerability might allow attackers to potentially install programs, view, change, encrypt or delete data, or create new accounts with full user rights,” say researchers.
Although there’s no evidence of exploitations already in the wild, HP and Xerox have issued their respective advisories along with a patch and recommend users and enterprises to apply it immediately to avoid any cyberattacks.