A 16-year-old vulnerability in an HP, Xerox, and Samsung printer driver allows attackers to gain administrative privileges on systems that use the vulnerable driver software.
“This high-severity vulnerability, which has been present in HP, Samsung, and Xerox printer software since 2005, affects hundreds of millions of devices and millions of users worldwide,” according to a SentinelOne report released today and shared with BleepingComputer in advance.
The security error trace in which CVE-2021
As the researchers discovered, the buggy driver is automatically installed with the printer software and loaded by Windows after each system reboot.
This makes it the perfect target for attackers who need an easy way to escalate privileges, as the bug can be abused even when the printer is not connected to the targeted device.
Successful exploitation requires local user access, which means that threat actors must first gain a foothold on the targeted devices.
Once this is achieved, they can exploit the security flaw to escalate privileges in low-complexity attacks without requiring user interaction.
The result is that attackers with basic user rights can elevate their privileges to SYSTEM and run code in kernel mode, bypassing security products that would otherwise block their attacks, or delivering additional malicious payloads.
“Successful exploitation of a driver vulnerability could allow attackers to potentially install programs, view, modify, encrypt or delete data, or create new accounts with full user rights,” explains SentinelOne.
“Although we have not seen any indications that this vulnerability has been exploited in nature to date, with hundreds of millions of businesses and users currently vulnerable, it is inevitable that attackers will seek out those who do not take the necessary action.”
Users are encouraged to update ASAP
For a list of affected printer models that use the vulnerable driver, see the HP Security Guide and this Xerox Security Mini Bulletin.
HP, Xerox and Samsung enterprise and home customers are encouraged to apply the updates provided by the two vendors as soon as possible.
“Some Windows computers may already have this driver without running a dedicated installation file, since this driver comes with Microsoft Windows via Windows Update,” the researchers added.
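Because the driver can be present and loaded at boot without a printer attached or an installer ever having been run, the practical check is a per-host driver inventory. The following is an added example, not code from the article or from SentinelOne; the driver file name is a placeholder to be taken from the vendor advisory, and `Find-KernelDriver` is a hypothetical helper name.

```powershell
# Added example: report whether a given kernel driver is registered on this
# host, whether it is running, and which file version is on disk.
# ASSUMPTION: the default file name below is a placeholder, not the real
# driver name; use the name listed in the HP/Xerox advisory.
param(
    [string]$DriverFile = 'PLACEHOLDER-driver-name.sys'
)

function Find-KernelDriver {
    param([Parameter(Mandatory)][string]$FileName)

    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName } |
        ForEach-Object {
            # PathName may carry an NT-style prefix; normalise it first.
            $path = $_.PathName -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            if ([System.IO.Path]::GetFileName($path) -ieq $FileName) {
                $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Computer    = $env:COMPUTERNAME
                    Service     = $_.Name
                    State       = $_.State       # Running means it is loaded now
                    StartMode   = $_.StartMode   # Boot/System/Auto: loads on every reboot
                    Path        = $path
                    FileVersion = if ($file) { $file.VersionInfo.FileVersion } else { $null }
                    LastWritten = if ($file) { $file.LastWriteTimeUtc } else { $null }
                }
            }
        }
}

$hits = @(Find-KernelDriver -FileName $DriverFile)
if ($hits.Count -eq 0) {
    Write-Output "No driver service references $DriverFile on $env:COMPUTERNAME."
} else {
    # Compare FileVersion against the fixed version given in the vendor advisory.
    $hits | Format-List
}
```

A hit with `State` of `Running` on a machine that has no such printer attached is the situation the researchers describe; the fix is still the vendor update, not just stopping the service.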
Earlier this year, SentinelOne researchers found a 12-year-old privilege escalation bug in Microsoft Defender Antivirus (formerly Windows Defender) that could allow attackers to gain administrator privileges on unpatched Windows systems.
Microsoft Defender Antivirus is the standard anti-malware solution for more than 1 billion systems running Windows 10 per Microsoft statistics.