HP patches vulnerable driver lurking in printers for 16 years

[silversurfer]

Content source

https://www.zdnet.com/article/hp-patches-vulnerable-printer-driver-impacting-millions-of-devices/

HP has patched a severe vulnerability that has been hidden in a printer driver for 16 years.

On Tuesday, SentinelLabs published an analysis of the vulnerability, tracked as CVE-2021-3438 and issued a CVSS score of 8.8.

The security issue is described as a "potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege."

According to the researchers, some HP, Xerox, and Samsung printer models contained vulnerable driver software, sold worldwide since 2005.

The driver in question, SSPORT.SYS, is automatically installed and activated, whether the model was wireless or cabled. The driver is also loaded automatically by Microsoft's Windows operating system on PC boot.

"This makes the driver a perfect candidate to target since it will always be loaded on the machine even if there is no printer connected," the researchers say.

HP patches vulnerable driver lurking in printers for 16 years

Cyberattackers could exploit the bug to secure system-level privileges.

www.zdnet.com

 

[omidomi]

 

[CyberTech]

View attachment 259796

Because Turtles haven't upgrade the turbo and speeds for many years so sad

 

[ForgottenSeer 85179]

Because Turtles haven't upgrade the turbo and speeds for many years so sad

quality over quantity!