Skip to main content

A 20-year-old printer vulnerability left Windows exposed to malware

Epson XP-950 printer paper insert
Image used with permission by copyright holder
Security researchers have uncovered a 20-year-old Windows bug that uses printers to deliver malware to a computer, but there’s now a patch available.

Security company Vectra publicized the decades-old vulnerability that takes advantage of an authentication error in the printer installation process. The bug lies in Windows Print Spooler, which connects the computer to a printer, and a protocol called Point-and-Print that lets new users connect to a networked printer by automatically downloading the necessary driver.

According to Vectra, the Windows Print Spooler has never thoroughly authenticated drivers, meaning attackers could spoof the system and install malware instead. Vectra criticized the lack of robust authentication for installing drivers.

“While there are valid deployment reasons to want to allow driver install without administrator rights, a warning should probably always be enabled and binary signature should probably always be checked in an attempt to reduce the attack surface,” said Vectra’s Nick Beauchesne.

There has been a great deal of security research carried out on printer vulnerabilities before, but this has focused on hacking the printer itself, rather than using the printer as an entry point to the computer, Beauchesne explaned.

“In this case, we investigated how to use the special role that printers have in most networks to actually infect end-user devices and extend the footprint of their attack in the network,” he said.

The attack is somewhat limited though. An attacker would need to connect their device to the printer or a local network to initiate the malware delivery. Nevertheless the flaw had remained unfixed for two decades.

Microsoft has now pushed out a patch for the mature bug that is available for Windows 7, 8 and 10. If you’re one of those still hanging on to Windows XP you’re out of luck — there’s no patch available. Vectra collaborated with Microsoft before publishing the details of the flaw.

Editors' Recommendations

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Nullmixer is a nasty, new Windows malware dropper
Windows shows a malware warning on a Dell laptop.

Nullmixer is a nasty, new malware dropper that gives us another reason to avoid questionable Windows downloads. Your computer can become infected with malware after downloading and running the dropper, which is disguised as illegal, cracked software or some other app that might prompt you to ignore warnings from your antivirus software.

The horrific thing about Nullmixer is how thoroughly your computer can be hacked by this app. According to the computer security and antivirus company Kaspersky, several families of malware are installed, amounting to dozens of apps that get busy stealing credentials and data, hacking into crypto wallets, and showing black-hat advertising. Every type of malware will begin running on an infected PC, crippling performance and plaguing its owner.

Read more
The latest Windows update is causing major printer problems
A Dell laptop with Windows 10 sitting on a desk.

Microsoft is now offering Windows 10 users a workaround for an issue that has come along with a mid-July update.

The KB5015807 update, which rolled out on July 12 and includes OS Builds 19042.1826, 19043.1826, and 19044.1826 all have a glitch that affects printers connected to computers running Windows 10. After the update is installed, you might see multiple printer listings available when you only have one product.

Read more
Microsoft is working on new updates to make Windows 11 faster next year
One of the wallpapers from the Windows 11 sunset theme.

There's good news ahead for Windows 11 users, especially if the upgrade has left you with a sluggish system. Microsoft is promising that fixes and updates are on the way next year that will improve the performance of the operating system, which has received numerous complaints from Windows fans.

"Performance will be an area of focus for us in 2022," Microsoft's Windows developer team wrote in a Reddit Ask Me Anything (AMA) post as reported by TechRadar, noting that improving the responsiveness of Windows is a priority for the company. "A lot of that focus will go into startup/launch perf; in terms of UI elements rendering on the screen (after the framework is loaded), we've tested the scalability of doing things like putting 10k buttons on the screen, etc."

Read more