16-year-old vulnerability discovered in laser printer software HP, Samsung and Xerox
A 16-year-old vulnerability has been found in the drivers of HP, Samsung and Xerox laser printers. The vulnerability could allow attackers to gain admin rights to victims’ systems. Patches have since been released that fix the problem.
Cybersecurity company SentinelOne, which noticed the leak, writes that a total of “millions of printers sold” would be vulnerable. They are all laser printers. It concerns at least 380 different models from HP and Samsung, in addition to twelve different laser printers from Xerox. According to SentinelOne, there are no indications that the vulnerability is currently being actively exploited.
HP has since released patches to fix the vulnerability. That patch works on affected HP and Samsung printers. Xerox has also released software updates to address the issue. Users are advised to install the update as soon as possible. The patches should also be made available through Windows Update.
The vulnerability is known as CVE-2021-3438 and has a high severity score of 7.8. The bug would allow hackers to exploit the vulnerability by causing a buffer overflow in the ssport.sys driver, allowing hackers to gain admin rights. The vulnerable driver will be installed automatically with HP, Xerox and Samsung printer software and will be loaded automatically at startup, SentinelOne reports. The vulnerability can also be exploited when the printer is not connected.
However, to achieve that, hackers must first gain digital access to a victim’s system. Hackers must therefore first enter a victim’s computer in a different way. If the hackers achieve this, they can exploit the security flaw relatively easily, without requiring any additional interaction from the victim. Hackers can then, for example, run code in kernel mode, allowing them to install programs and view, modify or encrypt files, for example.
This is the fourth printer-related vulnerability to come to light in a short period of time. The end of June for example, there was a report of a zero day in the Print Spooler Service of Windows, which incidentally is not related to the above mentioned driver vulnerabilities from HP, Samsung and Xerox. The first Print Spooler issue has since been patched, but last week Microsoft warned of another security issue in the Print Spooler service.
The vulnerable driver, which starts automatically (left) and the patch via HP. Images via SentinelOne