Security researchers from Vectra Networks discovered a serious vulnerability in Microsoft’s Windows operating system, which allows hackers to take control over complete computer networks, through vulnerable printers.
The report didn’t say which operating systems were affected, but the patch is already issued, and you can find it here and here. Everyone who has a printer attached to their system is strongly advised to patch ASAP.
“This particular vulnerability enables an attacker to exploit the ease with which Windows machines connect to printers on networks,” said Günter Ollmann, CSO of Vectra Networks. “While most devices require specific user or administrative permission before software is downloaded onto a machine, it is possible for printer drivers to bypass these restrictions.”
“This makes printers one of the most powerful threat vectors on a network,” continued Ollmann. “Rather than infecting users individually, an attacker can effectively turn one printer into a watering hole that will infect every Windows device that touches it.”
Printers are vulnerable because they’re not always prioritised for routine patches, so hackers can sometimes switch legitimate drivers with those carrying malware. Once installed, the malware runs with system-level permissions, giving the attacker full control of the system.
“In addition, this attack does not even require a physical printer in order to launch,” said Ollmann. “An attacker could set up a fake printer on the network and serve the malicious payload to any unsuspecting user that connects to it.”
“This research underscores the many possibilities that IoT devices, like printers, present to attackers,” said Ollmann. “Such devices are rarely assessed for security flaws, backdoors, or as watering hole threats, and represent a growing blind spot for both corporate and home networks. Microsoft Windows users are urged to apply this critical patch immediately as the vulnerability is likely to be exploited by attackers in short order.”