A 16-year-old security vulnerability found in an HP, Xerox, and Samsung printer driver allows attackers to get admin rights on systems using the vulnerable driver software.
This high severity vulnerability, which has been present in the printer software since 2005, impacts hundreds of millions of devices and millions of users worldwide.
The security flaw, tracked as CVE-2021-3438, is a buffer overflow in the SSPORT.SYS driver for specific printer models that could lead to a local escalation of user privileges.
The researchers at SentinelOne discovered that the buggy driver automatically gets installed with the printer software and will be loaded by Windows after each system reboot.
This makes it the perfect target for attackers who need an easy way to escalate privileges, as it is easy to abuse the bug even when the printer is not connected to the targeted device.
Successful exploitation requires local user access, which means that threat actors will first need to get a foothold on the targeted devices.
Once they get this, they can abuse the security bug to escalate privileges in low complexity attacks without requiring user interaction.
The researchers stated that successfully exploiting a driver vulnerability might allow attackers to potentially install programs, view, change, encrypt or delete data, or create new accounts with full user rights.
Although there is no evidence of this vulnerability being exploited in the wild, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will look for those that do not take the appropriate action.
HP, Xerox, and Samsung enterprise and home customers are urged to apply the patches provided by the two vendors as soon as possible.
As this driver comes with Microsoft Windows via Windows Update, some Windows machines may already have this driver without even running a dedicated installation file.
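Because the driver can arrive with the printer software or through Windows Update and is loaded at every boot, a host inventory is the practical first check. The following read-only PowerShell script is an added example, not code from SentinelOne or the vendors; the two search directories are assumed standard Windows driver locations, and the article gives no fixed version number, so the reported file version has to be compared against the vendor advisory.

```powershell
# Added example: inventory check for the SSPORT.SYS driver named in the article.
# Read-only. Reports driver services and on-disk copies; changes nothing.
$driverFile = 'ssport.sys'

# 1) Kernel driver services whose image path ends in the driver file name.
$services = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.PathName -like "*\$driverFile") })

# 2) Copies on disk. Assumed locations: the standard driver directory
#    and the driver store (where staged driver packages are kept).
$roots = @(
    (Join-Path $env:SystemRoot 'System32\drivers'),
    (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository')
)
$files = @(Get-ChildItem -Path $roots -Filter $driverFile -Recurse -File `
    -ErrorAction SilentlyContinue)

# 3) One row per file, joined to the service (if any) that loads it.
$report = foreach ($f in $files) {
    $svc = $services | Where-Object {
        # Some image paths carry an NT-style \??\ prefix; strip it to compare.
        ($_.PathName -replace '^\\\?\?\\', '') -ieq $f.FullName
    } | Select-Object -First 1

    [pscustomobject]@{
        Path          = $f.FullName
        FileVersion   = $f.VersionInfo.FileVersion   # compare with vendor advisory
        LastWriteTime = $f.LastWriteTime
        Signer        = (Get-AuthenticodeSignature -FilePath $f.FullName).SignerCertificate.Subject
        Service       = $svc.Name
        State         = $svc.State       # Running = currently loaded in the kernel
        StartMode     = $svc.StartMode   # how the driver is started at boot
    }
}

if (-not $files -and -not $services) {
    Write-Output "$env:COMPUTERNAME: no $driverFile service or file found."
} else {
    # A service with no matching file row is still worth listing on its own.
    $services | Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize
    $report | Format-List
}
```

A row with `State` of `Running` on a machine with no printer attached matches the article's point that the driver loads regardless of whether the device is connected.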