Researchers found a vulnerability that affects millions of HP, Xerox and Samsung printers

In February of this year, SentinelOne experts found a 16-year-old vulnerability in the driver of HP, Xerox and Samsung printers. The problem allows attackers to gain administrator rights on systems that use vulnerable software.

The vulnerability received the identifier CVE-2021-3438 and has been present in the driver code since 2005, that is, it poses a threat to hundreds of millions of devices manufactured and sold over the past 16 years.

This vulnerability affects a very long list of devices: more than 380 models of HP and Samsung printers, as well as at least a dozen of different Xerox products.the researchers write.

The vulnerability is described as a buffer overflow in the SSPORT.SYS driver file.

The bug can be used to elevate privileges, that is, it can help locally installed malware to gain access at the administrator level (of course, only if a vulnerable driver is used on the system).

Successful exploitation of this driver vulnerability would allow attackers to install programs, view, modify, encrypt, or delete data, and create new accounts with full user rights. Among the obvious options for the abuse of such vulnerabilities is the fact that they can be used to bypass security solutions.says the SentinelOne report.

Experts note that on some Windows systems, the vulnerable printer driver could be installed even without the user’s awareness. This could happen if users connected one of the vulnerable printers to their PCs and the driver was downloaded via Windows Update.

Just by running the printer software, the driver gets installed and activated on the machine regardless of whether you complete the installation or cancel. Thus, in effect, this driver gets installed and loaded without even asking or notifying the user. Whether you are configuring the printer to work wirelessly or via a USB cable, this driver gets loaded. In addition, it will be loaded by Windows on every boot.write the researchers.

Experts advise users to check lists of problem devices and, if necessary, look for updates on the manufacturer’s website.

Let me remind you that I also talked about the fact that New Issues Found with Windows Print Spooler.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *