Twenty-Year-Old Windows Printer Flaw Can Expose You To Malware |

Twenty-Year-Old Windows Printer Flaw Can Expose You To Malware

A roughly 20-year-old flaw in Windows Print Spooler that allows attackers to pass on malware on to a PC

Twenty-Year-Old Windows Printer Flaw Can Expose You To Malware

No piece of software can be completely bug-free because sometimes there are bugs and security vulnerabilities that one might not have even thought of when creating the software. The latest example would be a new Windows printer bug that showed its ugly head after about 20 years.

The issue comes from Windows Print Spooler, which manages the process of connecting to printers and queuing up documents for printing. Experts believe, because it does not verify whether a printer’s drivers are the real deal or not, it’s possible for someone to connect a printer and it will install and work automatically. This gives an attacker an easy way to install malware through it.

The flaw was originally discovered by security firm Vectra, which found that one attack gave it “system rights on any workstation that connect to your printer”.

Researchers from Vectra Networks claimed that its failure to authenticate installation of drivers can allow malicious drivers to be downloaded. Once this happens, the entire network could be compromised.

Vectra researcher Nick Beauchesne wrote in a blog post, "Not only will that unit be able to infect multiple machines in your network, but it would also be able to re-infect [them] over and over. Finding the root cause might be harder since the printer itself might not be your usual suspect. This situation comes to life because we end up delegating the responsibility of holding the driver safely to the printer, and those devices might not be as secure or impregnable as one would hope.”

The malware can further spread from one machine across an entire network and even have the ability to infect other devices over the Internet, Beauchesne mentioned.

Vectra claimed that this vulnerability dates back to the time when Windows 95 was launched. Microsoft officials also detailed in its Security Bulletin, that the vulnerability is critical for all supported Windows versions, and issued a Security Update for Windows Print Spooler Components for Windows Vista and later versions. The researchers warn therefore that if you don't have Windows Update turned on, this would be a good time to do so.

Notably, security expert HD Moore said in an interview with Ars Technica that the Microsoft security update does not really close the code-execution hole, but rather it merely adds a warning as part of the update. (Read full article here)

The update doesn't work for PCs running on Windows XP and earlier, as Microsoft ended support for these versions years ago. This means that millions of PCs are still vulnerable. Noticeably, the malware threat is more susceptible to public printers, or loosely-protected office networks.

In a way, it poses a big threat to BYOD laptops within a company, those using personal laptops on public networks, and corporate networks where the group policy explicitly enables this feature. As Moore added, “Convincing someone to add a printer might be tricky, but there may be other ways to drive that behavior through other network attacks, such as by hijacking HTTP requests and telling the user to do so."

Tags : windows pc, malware, Windows Print Spooler