The Recycler

20-year-old Windows printer issue fixed

July 14, 2016

A bug in Microsoft’s operating systems that had allowed printers to install malware onto PCs and laptops has been patched, but it could still be exploited against home and SMB users.

Ars Technica reported on the patching of the “critical vulnerability”, which was present “in all versions” of Windows, and which exposed users to printer “watering hole attacks”. The issue was present in the Windows Print Spooler, which “manages the process of connecting to available printers and printing documents”, and clever attackers could “surreptitiously install malware of their choice on computers that connect to booby-trapped printers, or other devices masquerading as printers” on a local area network.

A protocol within the spooler, called Point-and-Print, allowed people connecting to a networked printer “for the first time to automatically download the necessary driver immediately before using it”, storing a “shared driver on the printer or print server” which “eliminates the hassle of the user having to manually download and install it”.

Researchers at security firm Vectra Networks discovered the spooler “doesn’t properly authenticate print drivers when installing them from remote locations”, and that this failure “makes it possible for attackers to use several different techniques that deliver maliciously modified drivers instead of the legitimate one” from the OEM. This would then turn printers, servers and “any network-connect device masquerading as a printer” into a “drive-by exploit kit that infects machines whenever they connect”.

Microsoft “finally addressed” the issue this week during a “monthly patch cycle”, but the site quoted Vectra researcher Nick Beauchesne as stating that “not only will that unit be able to infect multiple machines in your network, but it would also be able to re-infect [them] over and over. Finding the root cause might be harder since the printer itself might not be your usual suspect. This situation comes to life because we end up delegating the responsibility of holding the driver safely to the printer, and those devices might not be as secure or impregnable as one would hope”.

Other analysts, including Special Circumstances’ Security Expert HD Moore, noted that there were “a variety of ways” hackers could have exploited the issue, including pretending to be a printer, and thus “automatically deliver[ing] a booby-trapped driver” to unsuspecting users. Another way was to “monitor traffic” to a real printer on a network, and “wait for a victim to add the printer to their system”, before “hijack[ing] the request” and sending the “malicious driver”.

Attackers could also “reverse engineer” printer firmware to deliver the driver, something that was “successfully carried out” by Vectra, which tested its exploits on a range of devices using Windows XP 32-bit, Windows 7 32-bit and 64-bit, Windows 2008 R2 AMD64 and R2 64, and Ubuntu CUPS. The company added, however, that the “critical” issue “dates back to Windows 95”, and that Microsoft’s patch “doesn’t close the code-execution hole, but rather it merely adds a warning”.

Beauchesne pointed out that “knowing how most users respond to warnings, this doesn’t seem like an effective approach”, though attacks won’t work if administrators haven’t modified default settings on enterprise machines. Despite this, many homes and SMBs are “likely viable” points of attack for the exploit, with Moore adding that “convincing someone to add a printer might be tricky, but there may be other ways to drive that behaviour through other network attacks, such as by hijacking HTTP requests and telling the user to do so”.
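Because the fix relies on a warning and on administrators leaving the defaults alone, it is worth checking whether a machine's Point and Print policy has been relaxed. The PowerShell below is an added example, not code from the article, Vectra or Microsoft; the function name `Get-PointAndPrintFinding` is hypothetical, the registry value names are those written by the "Point and Print Restrictions" Group Policy, and the sample policy at the end is constructed.

```powershell
# Added example: audit the local Point and Print Restrictions policy.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PointAndPrintFinding {
    param([hashtable]$Policy)   # value name -> data; empty when the key is absent

    if ($Policy.Count -eq 0) {
        return 'Policy key absent: Windows default prompts apply.'
    }
    $findings = @()
    # 1 = install drivers for a new connection with no warning or elevation prompt
    if ($Policy['NoWarningNoElevationOnInstall'] -eq 1) {
        $findings += 'New-connection driver installs show no warning or elevation prompt.'
    }
    # 0 = warning and elevation prompt, 1 = warning only, 2 = neither
    if ($Policy['UpdatePromptSettings'] -in 1, 2) {
        $findings += 'Driver updates on existing connections skip the elevation prompt.'
    }
    # TrustedServers = 1 plus a ServerList limits Point and Print to named servers
    if ($Policy['TrustedServers'] -ne 1 -or -not $Policy['ServerList']) {
        $findings += 'Point and Print is not limited to an approved server list.'
    }
    if ($findings.Count -eq 0) {
        return 'Policy set: prompts kept and servers restricted.'
    }
    return $findings
}

# Read the live policy values, if the key exists on this machine.
$live = @{}
if (Test-Path $key) {
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) { $live[$name] = $item.GetValue($name) }
}
'Live policy:'
Get-PointAndPrintFinding -Policy $live

# Constructed sample: a policy relaxed so that users are never prompted.
$sample = @{
    NoWarningNoElevationOnInstall = 1
    UpdatePromptSettings          = 2
    TrustedServers                = 0
}
'Constructed sample:'
Get-PointAndPrintFinding -Policy $sample
```

The constructed sample produces all three findings; a machine that reports any of them on its live policy no longer shows the warning the patch depends on, or accepts drivers from print servers outside an approved list.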

Categories : Products and Technology

Tags : Crime Printers Security


The Recycler, Wittas House, Two Rivers, Station Lane, Witney, OX28 4BH, United Kingdom | Tel: +44 (0) 1993 899800 | Fax : +44 (0) 1993 226899
©2006-2021 The Recycler - Terms & Conditions - Privacy Policy including cookie use
