You may not believe it but recent studies have shown that security bugs don’t just originate from our most recent technologies but rather from the oldest. This issue exists in the 20-year-old Windows Print Spooler that presents the opportunity for malware to be brought on to a PC. This is largely because the Spooler does not verify the legitimacy of the printer’s drivers, which is a huge flaw in the system that makes the PC vulnerable for attackers to install harmful drivers. Attackers get inside the network and replace the driver with a malicious file. When the users connect to the printer, the code is automatically delivered. This process continues to repeat and the malicious drivers spread quickly when the printer is shared on the network.
You may be wondering, how would the attacker get the driver in the printer?
- They hack a printer vulnerability
- They log-in to the printer using credential
- They advertise a fake printer on the network
Here are some actions to take for your protection:
- If you have Windows XP or earlier, you may want to be cautious of these attackers and consider replacing Windows XP as it has reached its end of life support and download official drivers from official sites
- Avoid public hotspots and other potential office networks where attackers can intervene without you knowing
Source:
https://www.engadget.com/2016/07/13/windows-printer-driver-exploit/
