Nasty Windows Printer Driver Vulnerability
From SentinelLabs, a critical vulnerability in HP printer drivers:
Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines.
If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights.
The bug (CVE-2021-3438) has lurked in systems for 16 years, researchers at SentinelOne said, but was only uncovered this year. It carries an 8.8 out of 10 rating on the CVSS scale, making it high-severity.
Look for your printer here, and download the patch if there is one.
EDITED TO ADD (8/13): Here’s a better list of affected HP and Samsung printers.
Clive Robinson • July 22, 2021 11:17 AM
@ ALL,
Why am I not surprised?
Since 2005… @NickP and myself used to debate when you should have stopped on the MS OS path.
I was conservative and said 1995, @NickP was a little more bullish and said 2005.
I guess the real question is how much longer before we ditch the more modern crud into “land fill” and upgrade to amore modern “backdoor”.
Pays your money makes your choices mines at the latest Win XP and Office 97…
It does the dull stuff I need it to, relatively quickly on fully issolated systems.