16-year-old vulnerability discovered in HP, Samsung and Xerox laser printer software
A 16-year-old vulnerability has been found in the drivers of HP, Samsung and Xerox laser printers. The vulnerability could allow attackers to gain admin rights to victims’ systems. Patches have since been released that fix the problem.
Cybersecurity firm SentinelOne, which discovered the vulnerability, writes that a total of “millions of printers sold” are vulnerable. All of them are laser printers. At least 380 different models from HP and Samsung are affected, in addition to twelve different laser printers from Xerox. According to SentinelOne, there are no indications that the vulnerability is currently being actively exploited.
HP has since released patches to fix the vulnerability. That patch works on affected HP and Samsung printers. Xerox has also released software updates to address the issue. Users are advised to install the update as soon as possible. The patches should also be made available through Windows Update.
The vulnerability is known as CVE-2021-3438 and has a high severity score of 7.8. Attackers can exploit it by causing a buffer overflow in the ssport.sys driver, which allows them to gain admin rights. The vulnerable driver is installed automatically with HP, Xerox and Samsung printer software and is loaded automatically at startup, SentinelOne reports. The vulnerability can also be exploited when the printer is not connected.
However, to achieve that, hackers must first gain access to a victim’s system, which means they have to get into the victim’s computer in a different way. If the hackers achieve this, they can exploit the security flaw relatively easily, without requiring any additional interaction from the victim. Hackers can then run code in kernel mode, allowing them to, for example, install programs and view, modify or encrypt files.
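Because the driver is installed with the printer software and loaded at startup even when no printer is connected, a host inventory is the practical way to find affected machines. The following PowerShell function is an added example, not code from SentinelOne or the vendors; the function name and the assumption that the driver sits under %SystemRoot%\System32\drivers are illustrative.

```powershell
# Added example: report whether ssport.sys is present and registered on this host.
# Assumption: kernel drivers are stored in %SystemRoot%\System32\drivers.
function Get-SsportDriverStatus {
    [CmdletBinding()]
    param(
        [string]$DriverName = 'ssport.sys',
        [string]$DriverDir  = (Join-Path $env:SystemRoot 'System32\drivers')
    )

    $path = Join-Path $DriverDir $DriverName
    $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue

    # Kernel driver services whose image path ends in the driver file name.
    $services = @(Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*\$DriverName" })

    # File details are only collected when the driver exists on disk.
    $sig  = if ($file) { Get-AuthenticodeSignature -FilePath $file.FullName }
    $hash = if ($file) { (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        OnDisk          = [bool]$file
        Path            = if ($file) { $file.FullName }
        FileVersion     = if ($file) { $file.VersionInfo.FileVersion }
        LastWriteTime   = if ($file) { $file.LastWriteTime }
        SHA256          = $hash
        SignatureStatus = if ($sig) { $sig.Status }
        Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        ServiceName     = ($services.Name -join ', ')
        StartMode       = ($services.StartMode -join ', ')   # e.g. Auto means loaded at startup
        State           = ($services.State -join ', ')       # Running means currently loaded
    }
}

Get-SsportDriverStatus | Format-List
```

The article does not state the fixed driver version, so the function only reports what it finds; compare FileVersion and LastWriteTime against the vendor advisory for your printer model.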
This is the fourth printer-related vulnerability to come to light in a short period of time. For example, at the end of June, a zero-day was reported in Windows’ Print Spooler Service, which incidentally is unrelated to the above-mentioned driver vulnerabilities from HP, Samsung and Xerox. The first Print Spooler issue has since been patched, but last week Microsoft warned of another security issue in the Print Spooler service.