Security News > 2021 > July > 16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines

16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines
2021-07-20 13:31

Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers, which impacts hundreds of millions of Windows machines.

The bug has lurked in systems for 16 years, researchers at SentinelOne said, but was only uncovered this year.

The printer-based attack vector is perfect for cybercriminals, according to SentinelOne, since printer drivers are essentially ubiquitous on Windows machines and are automatically loaded on every startup.

"Whether you are configuring the printer to work wirelessly or via a USB cable, this driver gets loaded. In addition, it will be loaded by Windows on every boot. This makes the driver a perfect candidate to target since it will always be loaded on the machine even if there is no printer connected."

Since the bug has existed since 2005, it impacts a very long list of printer models, researchers noted; affected models and associated patches can be found here and here.

Some Windows machines may already have the vulnerable driver without even running a dedicated installation file, researchers warned, since it comes with Microsoft Windows via Windows Update.


News URL

https://threatpost.com/hp-printer-driver-bug-windows/167944/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
HP 6795 19 248 488 234 989