- A critical flaw has been present in systems using some HP, Xerox, and Samsung printers since 2005.
- The bug enables a malicious actor to launch a privilege escalation attack in a pretty trivial manner.
- Hackers will now be scanning for vulnerable systems day and night, so patching should be a priority.
In the past 16 years, a critical (CVSS v3 score of 8.8) flaw now tracked as CVE-2021-3438 has been hiding deep inside the printer drivers of millions of machines, waiting for hackers to discover and exploit it to gain dangerous privilege escalation rights. The vulnerability has been present in HP, Samsung, and Xerox printing software all these years, but there are no indications that anyone with malicious intentions exploited it on a large scale. Thankfully, researchers at Sentinel Labs have discovered it last February, and after allowing some time for fixing patches, they have now released a report.
The bug affects a total of 380 printer models from the aforementioned manufacturers, and it’s common because HP is the vendor of some Samsung and Xerox printer devices too. The element that makes the flaw ideal for exploitation is that it can get installed and loaded on the system kernel without asking or even notifying the user. This can and oftentimes does happen at Windows boot, so the vulnerability is present and exploitable at all times, even when no printer is connected to the computer.
The actual vulnerability lies in the form of a function inside the driver, which accepts data sent from User Mode via IOCTL without validating the size parameter. If an attacker purposefully overruns the buffer used by the driver, they can essentially run anything on the system, and since the driver runs on SYSTEM, it has high enough privileges to cause serious troubles. The potential includes but is not limited to installing apps, viewing files, changing or encrypting data, creating new admin accounts, etc.
Addressing this problem is as simple as installing the fixing patch that came out in May. If you’re not sure about where to find the new driver, visit HP’s support page, type your printer model into the search box and download the latest available version for your product.
Now that the details of this old bug are out, hackers will actively scan for vulnerable systems and attack them at will. As such, even if 16 years have passed without you experiencing any trouble, it is important to understand that the publication of this changed the situation, and seeing the flaw weaponized may be just a matter of time. In summary, do not postpone patching any longer.