Some Older Printer Drivers Are Vulnerable To Hackers

A number of printers, including printers from Samsung and Xerox, have been found to contain undiscovered vulnerabilities that allow attackers to gain admin privileges on vulnerable systems by exploiting bugs in the printer driver software. A potential security vulnerability has been identified with HP, Samsung, and Xerox laser printer drivers. A few months ago, while configuring a brand new HP printer, the Sentinellabs team encountered an old Sportsys printer driver from 2005 thanks to a tip from a process hacker. This means that the vulnerability described above existed in 2005 and hundreds of millions of printers from the manufacturer in question have been shipped with this driver since that year. The vulnerability received a CVSS score of 8.8 and a CVE-2021 score of 3438. 

Microsoft’s documentation makes it clear that the vulnerability can only be exploited remotely, which means that it is in the wild and can be exploited by hackers. 

The vulnerability can be used among other things to bypass security programs, install malware, view, modify, encrypt or delete data and create new accounts with full user rights. Hackers can cause great harm if only one account or device is compromised. A security update from Microsoft to fix the vulnerability is known as PrintNightmare, and although it is not perfect, many devices are still vulnerable.  

In some cases, a hacker may obtain your information but not use it. You can change your password or deny you access to any of your online accounts. Or they try to get access to your email contact list and send emails to your accounts.   

Internet-connected televisions and devices are vulnerable to these attacks. By making your device vulnerable to attack by connecting it to you, you make it easier for hackers to guess your password. Even if you change the name of your device on the network, hackers cannot identify you.   

This serves as another point of attack for hackers trying to find ways to get into vulnerable devices. Hackers can gain access to the device as an unknown user and use it to flood websites with so much traffic that they go down and hack into your network. Hackers can access devices and websites to steal people’s personal information, which they can then use to commit theft.   

This is one of six vulnerabilities that could allow a hacker to hijack a window of your video feed and use it to scroll or to own video feeds in the company’s cloud.   

Intelligence agencies in the US, Europe and security researchers around the world have discovered that Russian hackers believed to have ties to the Russian government have begun attacking research and development centers working to cure the virus.   

Print spoolers are a program that many overlook, but hackers pose a massive threat if they gain access to them. A vulnerability known as PrintNightmare leaves the print spooler open to hacker attacks, allowing anyone who installs the printer driver to execute malicious code and take full control of the PC. This is one of the most serious threats that exists, and it comes from one of the most dangerous hacking groups on the planet.   

The Print Spooler Service is a software program that manages print jobs that are sent to the printer server. To mitigate the vulnerability, update Windows to the latest version and disable the service. It is not clear which versions of Windows are affected by the PrintNightmare vulnerability that affects only Windows PCs around the world, but Microsoft says that the printer – spooler code is included for the vulnerability in all versions of the Windows operating system.    

The printer is not connected to the relevant machine. This makes it a perfect target for attackers who need an easy way to escalate their privileges and abuse a printer that is not directly connected to a target device.  

Researchers discovered that printer drivers from HP, Xerox, and Samsung are installed when the printer software is loaded into Windows even after the system is rebooted. This makes the affected Windows drivers an ideal target for attack, as they are loaded into the device by connecting the installed printer.   

The print spooler was the first problem patched last week, when Microsoft warned of a vulnerability in its service. The system was not able to install a security update that would have solved the problem, even though it would have caused problems with the printer. Since it was not possible to install the security update, the individual vulnerable elements in the workspace had to be disabled.  

In the last 16 years, a critical bug has been hidden in printer drivers on millions of computers waiting for hackers to discover and exploit it to gain dangerous privilege escalation privileges. Undetected vulnerabilities have been found in a wide range of printers, including printers from Samsung and Xerox, and are being investigated for high-severity vulnerabilities that could compromise hundreds of millions of legacy printers and services. A 16-year security vulnerability in the HP, Xerox and Samsung printer drivers could allow an attacker to gain admin privileges via vulnerable driver software.   

The speed of new security patches varies from organization to organization, but currently millions of Exchange servers around the world are vulnerable to these attacks. Hackers can search for vulnerable systems day and night, and patching is a priority. As described above, older bugs can scan these systems and attack them at will.   

At the beginning of January 2021, Microsoft informed security expert Brian Krebs that it had found four zero-day vulnerabilities in its Exchange servers. If you are a Twitter user you will know that Twitter recently announced that it had closed a serious security vulnerability that allowed hackers to gain access direct to private messages that users send through the social media platform.