Unpatched vulnerabilities are no less than potential cyberattacks. They might blow up the company’s security defense at any time. While some unpatched flaws get identified and addressed during regular security audits, some are left behind until hackers find and exploit them. One such unpatched vulnerability, which went unnoticed for 16 years, was identified by cybersecurity researchers from SentinelOne.
Tracked as CVE-2021-3438, the buffer overflow vulnerability has existed in a common printer driver SSPORT.SYS file. used by popular printer manufacturers like Xerox, HP, and Samsung.
The Impact
The researchers found that the vulnerable driver gets installed when running the printer software, enabling an attacker to target the computer without a printer. The vulnerable driver accepts data via IOCTL (Input/Output Control) without validating, allowing hackers to evade the buffer used by the driver.
“An interesting thing we noticed while investigating this driver is this peculiar, hardcoded string: ‘This String is from Device Driver@@@@’. It seems that HP didn’t develop this driver but copied it from a project in Windows Driver Samples by Microsoft that has almost identical functionality; fortunately, the MS sample project does not contain the vulnerability,” SentinelOne said.
If exploited successfully, the vulnerability could allow threat actors to perform various malicious activities such as install malicious programs, access, alter, encrypt, delete data, or create new accounts. It could also allow the attacker to obtain elevated privileges on the targeted system, affecting millions of printers and users across the globe.
Mitigation
SentinelOne claimed that the vulnerability affects over 380 different HP and Samsung printer models and 12 Xerox products. The flaw was identified and reported to HP in February 2021. Immediately, HP released a security update in May 2021 to address the vulnerability.
The researchers urged both enterprise and individual users of HP/Samsung/Xerox to apply the patch mentioned in HP Security Advisory HPSBPI03724 and Xerox Advisory Mini Bulletin XRX21K as early as possible to avoid potential risks.
Abuse of Unpatched Bugs is Inevitable
While there is no evidence that CVE-2021-3438 flaw has been exploited in the wild, researchers warned that attackers could still abuse the unpatched and vulnerable devices. Recently, Microsoft warned about a zero-day vulnerability in Windows Print Spooler code. Dubbed as PrintNightmare, the remote code execution (RCE) flaw (CVE-2021-34527) could allow a remote hacker to disrupt the Windows Print Spooler operations. The tech giant stated that all versions of Windows are vulnerable to exploitation. Read More Here…
