Skip to main content
  1. Home
  2. Computing
  3. News

A 20-year-old printer vulnerability left Windows exposed to malware

By

Epson XP-950 printer paper insert
Security researchers have uncovered a 20-year-old Windows bug that uses printers to deliver malware to a computer, but there’s now a patch available.

Security company Vectra publicized the decades-old vulnerability that takes advantage of an authentication error in the printer installation process. The bug lies in Windows Print Spooler, which connects the computer to a printer, and a protocol called Point-and-Print that lets new users connect to a networked printer by automatically downloading the necessary driver.

Recommended Videos

According to Vectra, the Windows Print Spooler has never thoroughly authenticated drivers, meaning attackers could spoof the system and install malware instead. Vectra criticized the lack of robust authentication for installing drivers.

Related

“While there are valid deployment reasons to want to allow driver install without administrator rights, a warning should probably always be enabled and binary signature should probably always be checked in an attempt to reduce the attack surface,” said Vectra’s Nick Beauchesne.

There has been a great deal of security research carried out on printer vulnerabilities before, but this has focused on hacking the printer itself, rather than using the printer as an entry point to the computer, Beauchesne explaned.

“In this case, we investigated how to use the special role that printers have in most networks to actually infect end-user devices and extend the footprint of their attack in the network,” he said.

The attack is somewhat limited though. An attacker would need to connect their device to the printer or a local network to initiate the malware delivery. Nevertheless the flaw had remained unfixed for two decades.

Microsoft has now pushed out a patch for the mature bug that is available for Windows 7, 8 and 10. If you’re one of those still hanging on to Windows XP you’re out of luck — there’s no patch available. Vectra collaborated with Microsoft before publishing the details of the flaw.

Editors' Recommendations

Topics
Jonathan Keane
Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Microsoft warns Windows users of another unpatched printing vulnerability
A digital depiction of a laptop being hacked by a hacker.

Microsoft might have patched PrintNightmare in Windows, but for the second time this month, there's yet another printer-themed vulnerability in the wild.

Just detailed is a new vulnerability in the Windows Print Spooler service that could allow hackers to install programs; view, change, or delete data; and create new accounts on your PC.

Read more
Windows has a print vulnerability that hackers are actively using
Brother's L8360 is a great color laser printer for small offices.

Microsoft has updated its documentation around the "PrintNightmare" vulnerability that is impacting Windows PCs across the world. The company now says it is aware of the issue, which officially involves cases where the Windows Print Spooler service may perform privileged file operations and allow hackers into your device.

Though it's not clear if all versions of Windows are impacted by this vulnerability, Microsoft says that the print spooler code that has the vulnerability is in all versions of Windows. The print spooler is what usually handles print jobs in Windows. Specifically, hackers can exploit that code to run arbitrary code with system privileges.

Read more
Latest Windows Update is causing blue screen of death issues with some printers
windows search down fix 10 cortana laptop 768x768

Some users who have installed March's monthly Windows 10 cumulative update are reporting that they have subsequently not been able to print properly, with the computer showing the so-called blue screen of death instead.

Specifically, the issue appears to be impacting printers from Kyocera, Ricoh, and Zebra. After the latest KB5000802 update is installed, sending a file to print on these printers is causing Windows 10 to show the blue screen of death and the error code  “APC_INDEX_MISMATCH for win32kfull.sys."

Read more