A 20-year-old printer vulnerability left Windows exposed to malware

Epson XP-950 printer paper insert
Security researchers have uncovered a 20-year-old Windows bug that uses printers to deliver malware to a computer, but there’s now a patch available.

Security company Vectra publicized the decades-old vulnerability that takes advantage of an authentication error in the printer installation process. The bug lies in Windows Print Spooler, which connects the computer to a printer, and a protocol called Point-and-Print that lets new users connect to a networked printer by automatically downloading the necessary driver.

According to Vectra, the Windows Print Spooler has never thoroughly authenticated drivers, meaning attackers could spoof the system and install malware instead. Vectra criticized the lack of robust authentication for installing drivers.

“While there are valid deployment reasons to want to allow driver install without administrator rights, a warning should probably always be enabled and binary signature should probably always be checked in an attempt to reduce the attack surface,” said Vectra’s Nick Beauchesne.

There has been a great deal of security research carried out on printer vulnerabilities before, but this has focused on hacking the printer itself, rather than using the printer as an entry point to the computer, Beauchesne explaned.

“In this case, we investigated how to use the special role that printers have in most networks to actually infect end-user devices and extend the footprint of their attack in the network,” he said.

The attack is somewhat limited though. An attacker would need to connect their device to the printer or a local network to initiate the malware delivery. Nevertheless the flaw had remained unfixed for two decades.

Microsoft has now pushed out a patch for the mature bug that is available for Windows 7, 8 and 10. If you’re one of those still hanging on to Windows XP you’re out of luck — there’s no patch available. Vectra collaborated with Microsoft before publishing the details of the flaw.

Social Media

Twitter keeps your direct messages, even years after you delete them

Twitter is keeping copies of direct messages sent through the social network even years after users delete them, according to security researcher Karan Saini who discovered an archive containing old DMs from deleted and suspended accounts.
Computing

Windows updates shouldn't cause problems, but if they do, here's how to fix them

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.
Gaming

Take to the virtual skies with these free flight simulators

You don't have to spend the entirety of your paycheck to become a virtual ace, at least when it comes to flight simulation. Our list of the best free flight simulators will let you unleash your inner Maverick.
Computing

These are the 6 best free antivirus apps to help protect your MacBook

Malware protection is more important than ever, even if you eschew Windows in favor of Apple's desktop platform. Thankfully, protecting your machine is as easy as choosing from the best free antivirus apps for Mac suites.
Computing

Chrome is a fantastic browser, but is is still the best among new competitors?

Choosing a web browser for surfing the web can be tough with all the great options available. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most users.
Computing

Don't use streaming apps? Try the best free media players for your local music

Rather than using music-streaming apps, you may want something for playing your local music. Good news! There are some good alternatives. These are the best media players you can download for free on Windows.
Mobile

Need speed? Qualcomm unveils the Snapdragon X55, the world’s fastest 5G modem

Qualcomm is preparing for an even faster future: The silicon giant just unveiled a second generation 5G modem for smartphones, promising blistering download speeds as high as 7Gbps.
Mobile

Barbie’s Corvette ain’t got nothing on Sphero’s fully programmable robot car

Sphero is known for devices like the Sphero Bolt and BB-8 Star Wars toy, but now the company is back with another addition to its lineup -- the Sphero RVR. The RVR is a fully programmable robot car that can be expanding with different…
Photography

Luminar’s libraries gain speed, drop need for you to manually import images

Luminar 3 just got a performance boost. Skylum Luminar 3.0.2 has improved speed over December's update, which added the long-promised libraries feature giving editors a Lightroom alternative.
Computing

Keep your portable computer safe and shiny with the best laptop bags for 2019

Choosing the right laptop bag is no easy feat -- after all, no one likes to second-guess themselves. Here are some of the best laptop bags on the market, from backpacks to sleeves, so you can get it right the first time around.
Computing

Like to be brand loyal? These tech titans make some of our favorite laptops

If you want to buy your next laptop based around a specific brand, it helps to know which the best brands of laptops are. This list will give you a good grounding in the most reliable, quality laptop manufacturers today.
Computing

Protecting your PDF with a password isn't difficult. Just follow these steps

If you need to learn how to password protect a PDF, you have come to the right place. This guide will walk you through the process of protecting your documents step-by-step, whether you're running a MacOS or Windows machine.
Computing

Microsoft extension adds Google Chrome support for Windows Timeline

The Windows Timeline feature is now much more versatile thanks to the added support for Google's Chrome browser. All you need to do to increase its functionality is to download the official Chrome extension.
Computing

Google Earth spills the beans, reveals Taiwan’s secret military bases

Google Earth 3D Maps has spilled the beans on Taiwan's deepest secrets. The locations available in full three-dimensional detail include a facility which houses Patriot missiles and the country's National Security Bureau.