Millions of HP, Samsung, and Xerox Printers Vulnerable Due to 16-Year-Old Security Flaw

July 20, 2021

A serious security vulnerability has come to light in a software driver used by HP, Xerox, and Samsung printers, lingering undetected since 2005. Assigned CVE-2021-3438 (CVSS score: 8.8), this issue involves a buffer overflow in the “SSPORT.SYS” print driver installer, which could allow for remote privilege escalation and arbitrary code execution. Hundreds of millions of printers worldwide may be affected, although there is currently no evidence of real-world exploitation. The vulnerability, first identified by SentinelLabs researchers on February 18, 2021, was disclosed in an advisory in May, noting its potential to elevate privileges in certain HP LaserJet and Samsung printer models. Fixes for the impacted devices were made available on May 19, 2021.

Longstanding Security Flaw in Printer Software Puts Millions at Risk

On July 20, 2021, cybersecurity experts disclosed a critical vulnerability that has affected millions of printers globally. This issue stems from a software driver utilized by HP, Xerox, and Samsung printers, remaining undetected since its inception in 2005. Designated as CVE-2021-3438, this vulnerability carries a CVSS score of 8.8 and concerns a buffer overflow within the “SSPORT.SYS” print driver installer package. Such a flaw could facilitate remote privilege escalation and arbitrary code execution, posing significant security risks.

The scope of the vulnerability is staggering, with hundreds of millions of printers potentially compromised due to the inclusion of this problematic driver. Despite the severity of the vulnerability, there is currently no evidence to suggest that it has been exploited in real-world attacks. According to an advisory released in May, the potential for a buffer overflow in the drivers for certain HP LaserJet models and Samsung printers raises alarms about privilege escalation.

The vulnerability was first identified by threat intelligence researchers from SentinelLabs, who reported it to HP on February 18, 2021. Following notification, HP took swift action and published remedies for the affected printers by May 19, 2021, to mitigate the impact of this vulnerability.

In analyzing the potential attack vectors enabled by this flaw, several tactics and techniques from the MITRE ATT&CK framework come into play. Initial access could be gained through exploitation of the vulnerable driver, enabling a malicious actor to establish a foothold in the system. Persistence may be achieved if attackers install additional malicious software once they have breached a printer’s defenses. The most concerning aspect remains the capability for privilege escalation, allowing unauthorized users to gain elevated access within affected networks.

For business owners, understanding the implications of this vulnerability is crucial. As printers are integral to daily operations, the risk posed by compromised devices should not be underestimated. The ongoing reliance on networked printing systems necessitates a proactive approach to cybersecurity, including regular updates and vigilance against potential threats.

In light of this incident, organizations should ensure that they are applying the patches released by HP to protect their devices. Additionally, implementing comprehensive security measures that extend beyond the printers themselves is essential for safeguarding sensitive information against potential breaches.

As the digital landscape continues to evolve, the emergence of such vulnerabilities underscores the necessity for constant vigilance in cybersecurity strategies. While this particular issue has been addressed, the potential for undiscovered risks remains a perpetual challenge for businesses worldwide.

Source link

Related Posts

Researcher Reveals Yet Another Unpatched Vulnerability in Windows Printer Spooler

Date: July 19, 2021

Just days after Microsoft raised alarms about an unpatched security flaw in the Windows Print Spooler service, yet another potential zero-day vulnerability has surfaced, marking the fourth printer-related issue identified in recent weeks. Will Dormann from the CERT Coordination Center noted in an advisory on Sunday that “Microsoft Windows allows non-admin users to install printer drivers through Point and Print.” He highlighted that printers installed this way can load arbitrary libraries by the privileged Windows Print Spooler process. Security researcher Benjamin Delpy, known for creating Mimikatz, has disclosed an exploit for this vulnerability. #printnightmare – Episode 4

New Vulnerabilities in Windows and Linux Grant Attackers Elevated System Privileges

July 21, 2021

Recent findings have uncovered a local privilege escalation vulnerability in Microsoft’s Windows 10 and the soon-to-be-released Windows 11, enabling users with limited permissions to access critical system files. This loophole, referred to as “SeriousSAM,” allows unauthorized individuals to potentially reveal the operating system installation password and decrypt private keys.

According to a vulnerability note from the CERT Coordination Center (CERT/CC), since Windows 10 build 1809, non-administrative users have had access to the SAM, SYSTEM, and SECURITY registry hive files, which could lead to local privilege escalation (LPE). The affected operating system configuration files include:

  • c:\Windows\System32\config\sam
  • c:\Windows\System32\config\system
  • c:\Windows\System32\config\security

Microsoft, which has assigned the identifier CVE-2021-36934 to this vulnerability, has acknowledged the issue but has not yet released a patch.

Apple Issues Critical 0-Day Patch for Mac, iPhone, and iPad

On July 27, 2021, Apple released a crucial security update for iOS, iPadOS, and macOS to fix a zero-day vulnerability that may have already been exploited. This marks the thirteenth such vulnerability Apple has addressed this year. The update, which follows the recent launch of iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5, resolves a memory corruption issue (CVE-2021-30807) in the IOMobileFrameBuffer, a kernel extension responsible for managing the screen framebuffer. This flaw could allow malicious actors to execute arbitrary code with kernel privileges. Apple stated that it has improved memory handling to mitigate this risk and acknowledged reports of potential exploitation. As is standard, specific details about the vulnerability have not been released to prevent further attacks. An anonymous researcher is credited with discovering and reporting the issue.