Cybersecurity researchers have helped patch a privilege escalation vulnerability in the printer driver for HP, Samsung, and Xerox printers that managed to evade detection for 16 years.
SentinelOne, which unearthed the high severity vulnerability, believes it has been present since 2005, and likely affects millions of devices and likely millions of users worldwide.
According to the company's researchers, the vulnerable driver ships with over 380 different HP and Samsung printer models as well as at least a dozen different Xerox products.
- Here’s our recommendations for the best small business printers
- We've put together a list of the best endpoint protection software
- Check our list of the best firewall apps and services
"Successfully exploiting a driver vulnerability might allow attackers to potentially install programs, view, change, encrypt or delete data, or create new accounts with full user rights," explained Asaf Amir, VP of Research at SentinelOne.
Ghosts of devices past
The security flaw, tracked as CVE-2021-3438, is explained as a buffer overflow vulnerability that could be exploited in a local user privilege escalation attack.
Moreover since the bug exists in the printer driver, which gets loaded automatically by Windows, the vulnerability can be exploited even when the printer isn’t connected to the targeted device.
The only saving grace is that to exploit the bug, the attackers need local user access to the system with the buggy driver.
"While we haven't seen any indicators that this vulnerability has been exploited in the wild up till now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action," concludes Amir urging users of the affected devices to patch their drivers immediately.
- Protect your devices with these best antivirus software
