{"id":304027,"date":"2021-07-20T22:39:09","date_gmt":"2021-07-20T19:39:09","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/hackers-exploit-a-16-year-old-bug-in-some-printers-to-take-over-your-machine-review-geek\/"},"modified":"2021-07-20T22:39:09","modified_gmt":"2021-07-20T19:39:09","slug":"hackers-exploit-a-16-year-old-bug-in-some-printers-to-take-over-your-machine-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/hackers-exploit-a-16-year-old-bug-in-some-printers-to-take-over-your-machine-review-geek\/","title":{"rendered":"#Hackers Exploit a 16-Year Old Bug in Some Printers to Take Over Your Machine \u2013 Review Geek"},"content":{"rendered":"

“#Hackers Exploit a 16-Year Old Bug in Some Printers to Take Over Your Machine \u2013 Review Geek”<\/strong><\/p>\n

\n
\"Printer
FabrikaSimf\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n

A bug that\u2019s been hidden for 16 years has just been discovered<\/a>, allowing hackers who exploit it to gain administrator rights on any systems using the software. The vulnerability was found in software used by old printers from several major brands, including Xerox, Samsung, and HP.<\/p>\n

The security flaw was recently detected by SentinelLabs, and has been released to millions of printers across the globe. \u201cThis high severity vulnerability, which has been present in HP, Samsung, and Xerox printer software since 2005, affects hundreds of millions of devices and millions of users worldwide,\u201d the report stated<\/a>.<\/p>\n

The bug, logged as CVE-202103438<\/a>, is a buffer overflow in the SSPORT.SYS driver in certain printers (like HP\u2019s LaserJet products) that is capable of granting a local escalation of user privileges. The researchers discerned that that software is installed with the printer software and gets loaded by Windows upon each reboot.<\/p>\n

SentinelOne explained<\/a>, \u201cSuccessfully exploiting a driver vulnerability might allow attackers to potentially install programs, view, change, encrypt or delete data, or create new accounts with full user rights.\u201d Such access would enable attackers to bypass security measures that would normally prevent attacks or the delivery of malicious payloads.<\/p>\n

\"Digital
Rawpixel.com\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n

The vulnerability can be exploited even if the device isn\u2019t connected to the computer, which potentially makes it super easy for hackers to escalate and abuse privileges. However, local user access is required to successfully exploit the flaw, which will likely stop the bulk of threat actors from doing anything.<\/p>\n

Want to see if your printer model is using the affected driver? Check out the device lists in Xerox\u2019s security bulletin<\/a> and in HP\u2019s security advisory<\/a>. SentinelLabs researchers said, \u201cSome Windows machines may already have this driver without even running a dedicated installation file since this driver comes with Microsoft Windows via Windows Update.\u201d<\/p>\n

The two companies are advising all enterprise- and home-use customers to app<\/a>ly the security patch they\u2019re providing as soon as possible.<\/p>\n

via Bleeping Computer<\/a><\/small>\n<\/div>\n