A bug that’s been hidden for 16 years has just been discovered, allowing hackers who exploit it to gain administrator rights on any system using the software. The vulnerability was found in software used by old printers from several major brands, including Xerox, Samsung, and HP.
The security flaw was recently detected by SentinelLabs, and the affected software has shipped with millions of printers across the globe. “This high severity vulnerability, which has been present in HP, Samsung, and Xerox printer software since 2005, affects hundreds of millions of devices and millions of users worldwide,” the report stated.
The bug, logged as CVE-2021-3438, is a buffer overflow in the SSPORT.SYS driver shipped with certain printers (like HP’s LaserJet products) that allows local escalation of user privileges. The researchers found that the driver is installed with the printer software and gets loaded by Windows upon each reboot.
SentinelOne explained, “Successfully exploiting a driver vulnerability might allow attackers to potentially install programs, view, change, encrypt or delete data, or create new accounts with full user rights.” Such access would enable attackers to bypass security measures that would normally prevent attacks or the delivery of malicious payloads.
The vulnerability can be exploited even if the device isn’t connected to the computer, which potentially makes it super easy for hackers to escalate and abuse privileges. However, local user access is required to successfully exploit the flaw, which will likely stop the bulk of threat actors from doing anything.
Want to see if your printer model is using the affected driver? Check out the device lists in Xerox’s security bulletin and in HP’s security advisory. SentinelLabs researchers said, “Some Windows machines may already have this driver without even running a dedicated installation file since this driver comes with Microsoft Windows via Windows Update.”
The two companies are advising all enterprise- and home-use customers to apply the security patch they’re providing as soon as possible.
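To find machines that carry the driver before working through the vendor device lists, the PowerShell below looks for SSPORT.SYS on disk and among registered kernel drivers. It is an added example, not code from SentinelLabs, HP or Xerox; the search locations are assumptions, and a hit only means the machine should be checked against the advisories and patched.

```powershell
# Added example: inventory check for the SSPORT.SYS driver named in the article.
# Presence alone does not show whether the installed copy is patched.

$driverName = 'SSPORT.SYS'   # file name taken from the article

# Assumption: driver binaries live under System32\drivers or the DriverStore.
$searchRoots = @(
    (Join-Path $env:SystemRoot 'System32\drivers'),
    (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository')
)

# Every copy of the driver file found under the search roots
$files = foreach ($root in $searchRoots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Filter $driverName -File -Recurse -ErrorAction SilentlyContinue
    }
}

# Kernel driver services whose image path ends in the driver file name.
# The article notes the driver is loaded on each reboot, so State and
# StartMode show whether it is active right now and how it starts.
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$driverName" }

if (-not $files -and -not $services) {
    Write-Output "$env:COMPUTERNAME: $driverName not found"
    return
}

# File details to compare against the vendor advisories
$files | ForEach-Object {
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Path        = $_.FullName
        FileVersion = $_.VersionInfo.FileVersion
        LastWrite   = $_.LastWriteTimeUtc
        Signer      = (Get-AuthenticodeSignature -FilePath $_.FullName).SignerCertificate.Subject
        SHA256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
} | Format-List

# Registered driver services, if any
$services | Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize
```

Run it from an elevated prompt so the DriverStore search is not cut short by access errors.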