A 16-year-old vulnerability was found in the drivers for HP, Samsung, and Xerox laser printers. The vulnerability could allow attackers to gain admin rights for victims’ systems. Patches that resolve the issue have since been released.
cyber security, who referred to the leak, writes that a total of “millions of printers sold” will be at risk. All are laser printers. It concerns no less than 380 different models from HP and Samsung, as well as a dozen different laser printers from Xerox. According to SentinelOne, there are no indications that the vulnerability is currently actively exploited.
HP has since released patches to fix the vulnerability. This patch works Affected HP and Samsung printers. Xerox Also released software updates It should solve the problem. Users are advised to install the update as soon as possible. Patches must also be made available through Windows Update.
The vulnerability is known CVE-2021-3438 It has a high intensity score of 7.8. The bug would allow hackers to exploit the vulnerability by causing a buffer overflow in the ssport.sys driver, allowing hackers to gain administrator rights. The vulnerable driver will install automatically with HP, Xerox, and Samsung printer software and load automatically at startup, SentinelOne reports. The vulnerability can also be exploited when the printer is not connected.
However, to achieve this, hackers must first have digital access to the victim’s system. So the hackers must first enter the victim’s computer in a different way. If the hackers can achieve this, they can exploit the vulnerability with relative ease, without requiring any additional interaction from the victim. Hackers can then, for example, run code in kernel mode, allowing them to install programs and view, modify or encrypt files, for example.
This is the fourth printer-related vulnerability that appears in a short period of time. end of june For example, there was a zero-day report on the Windows Print Spooler service, which is not incidentally related to the above driver vulnerabilities from HP, Samsung, and Xerox. Print Spooler’s first problem is patched now, But last week Microsoft has warned of another vulnerability in the Print Spooler service.
Weak driver, which starts automatically (left) and patches via HP. photos via guard one