Security company Vectra publicized the decades-old vulnerability that takes advantage of an authentication error in the printer installation process. The bug lies in Windows Print Spooler, which connects the computer to a printer, and a protocol called Point-and-Print that lets new users connect to a networked printer by automatically downloading the necessary driver.
According to Vectra, the Windows Print Spooler has never thoroughly authenticated drivers, meaning attackers could spoof the system and install malware instead. Vectra criticized the lack of robust authentication for installing drivers.
“While there are valid deployment reasons to want to allow driver install without administrator rights, a warning should probably always be enabled and binary signature should probably always be checked in an attempt to reduce the attack surface,” said Vectra’s Nick Beauchesne.
There has been a great deal of security research carried out on printer vulnerabilities before, but this has focused on hacking the printer itself, rather than using the printer as an entry point to the computer, Beauchesne explaned.
“In this case, we investigated how to use the special role that printers have in most networks to actually infect end-user devices and extend the footprint of their attack in the network,” he said.
The attack is somewhat limited though. An attacker would need to connect their device to the printer or a local network to initiate the malware delivery. Nevertheless the flaw had remained unfixed for two decades.
Microsoft has now pushed out a patch for the mature bug that is available for Windows 7, 8 and 10. If you’re one of those still hanging on to Windows XP you’re out of luck — there’s no patch available. Vectra collaborated with Microsoft before publishing the details of the flaw.
