The security problems related to printers do not seem to end. A few weeks ago the critical vulnerability PrintNightmare came to light. Now it is the turn of a bug in a driver used in thousands of HP, Samsung and Xerox printers, which can allow malicious actors to acquire administrator privileges in Windows.
According to a group of researchers from SentinelOne, the vulnerability, known as CVE-2021-3438, had been “hidden” in the drivers of the aforementioned printer brands. Fortunately, all this time passed without causing any security problems. However, the danger is not over yet.
Experts describe the security issue as a “buffer overflow” in the HP driver. The file in question is SSPORT.SYS, which once installed is set to start automatically with Windows, whether or not the printer in question is connected. Consequently, it becomes the perfect candidate for hackers.
HP and Xerox update drivers
This serious security flaw allowed a local user to elevate privileges from a standard account to administrator. In addition, it made it possible to execute code in the kernel to violate security protections. Combined with other types of attack, hackers could have carried out their task remotely.
Fortunately, so far there is no evidence that this vulnerability has been exploited. As this involves three of the most important manufacturers and a long period of time (2005 to 2021), it is estimated that there are thousands of units affected.
Researcher Kasif Dekel reported the vulnerability to HP on February 18. A few days later, on May 19, the firm published a patch for its LaserJet and various Samsung models, and recommended that all its customers check for new drivers available for their printers.
The Samsung printers affected by the vulnerability are those of the Samsung CLP, Samsung MultiXpress and Samsung Xpress families. Xerox, for its part, was more specific in listing the models of its affected printers. These are the B205 / B210 / B215, Phaser and WorkCentre. The drivers of this last brand can be updated from here.