Microsoft Monthly Patch Update Squashes 20-Year-Old Windows Bug That Allows Printers to Install Malware

( [email protected] ) Jul 14, 2016 12:01 PM EDT
A 20-year-old bug that opens up the door for printers to install malware has finally been squashed in the latest Microsoft monthly patch cycle.
The logo of Microsoft company is seen in Paris, France, April 18, 2016. REUTERS/Jacky Naegelen - RTX2AMBT

"Better late than never" is an axiom that we have heard many times over, and it is proven yet again when a 20 year old Windows bug has been patched. This is no ordinary Windows bug, as it opens up the door for printers to have malware installed. Malware is short for "malicious software", and they are a common method for hackers to gain access to a particular computer system or device if the loopholes are not properly patched, i.e. closed up.

For over the past two decades plus, Microsoft's Windows operating system has been the platform of choice for hackers to install malware on computers that are hooked up to infected printers, or perhaps other other devices that fool the computer into thinking that it is a printer, via a local area network. It is nice to know that the latest monthly patch cycle signals the last of this particular bug -- only for those who have installed the patch, of course.

This particular vulnerability can be traced to the Windows Print Spooler. The Windows Print Spooler will manage the process of connecting to available printers as well as printing documents. There is a protocol called Point-and-Print that enables those who are connecting to a network-hosted printer for the first time to download the required driver automatically prior to using it, and it functions by stashing a shared driver on the printer. Alternatively, it can also store a shared driver on a print server, which does away with the need for one to perform a manual download and DIY installation process.

Researchers attached to the security firm Vectra Networks have found out that the Windows Print Spooler does not authenticate print drivers properly during the installation process that involves remote locations. This is deemed to be a colossal failure, as it then opens up the door for attackers to make use of a wide range of techniques to deliver maliciously modified drivers as opposed to have the real deal installed.

In other words, this particular exploit will transform the likes of printers, printer servers, or potentially any network-connected device to put on the mask of a printer into an internal drive-by exploit kit. Inadvertently, this will result in machines being infected each time they are connected. 

Vectra researcher Nick Beauchesne mentione, "Not only will that unit be able to infect multiple machines in your network, but it would also be able to re-infect [them] over and over. Finding the root cause might be harder since the printer itself might not be your usual suspect. This situation comes to life because we end up delegating the responsibility of holding the driver safely to the printer, and those devices might not be as secure or impregnable as one would hope."

Despite installing the patch, there is the possibility of an attack happening in homes as well as small- and medium-sized businesses, targeting settings that provide the freedom to people to hook up their own devices. 

It is always advisable to ensure that your machines -- be they smartphones, tablets or computers, are installed with the latest patches and updates so that you may sleep better at night.

Tags : Microsoft, windows, bug, patch, printer, printer driver, driver