scientists have assisted patch a privilege escalation vulnerability in the printer driver for , Samsung, and Xerox that managed to evade detection for 16 yrs.
SentinelOne, which unearthed the large severity vulnerability, believes it has been existing considering that 2005, and very likely influences thousands and thousands of units and likely hundreds of thousands of buyers worldwide.
In accordance to the company’s scientists, the susceptible driver ships with around 380 distinct HP and Samsung printer products as properly as at minimum a dozen distinctive Xerox products and solutions.
We’re looking at how our visitors use VPNs with streaming internet sites like Netflix so we can strengthen our information and present improved information. This survey is not going to acquire a lot more than 60 seconds of your time, and you can also select to enter the prize attract to acquire a $100 Amazon voucher or a single of five 1-calendar year ExpressVPN subscriptions.
“Successfully exploiting a driver vulnerability might allow attackers to potentially install programs, view, change, encrypt or delete data, or create new accounts with full user rights,”Asaf Amir, VP of Research at SentinelOne.
Ghosts of devices past
The security flaw, tracked as CVE-2021-3438, is explained as a buffer overflow vulnerability that could be exploited in a local user privilege escalation attack.
Moreover since the bug exists in the printer driver, which gets loaded automatically by Windows, the vulnerability can be exploited even when the printer isn’t connected to the targeted device.
The only saving grace is that to exploit the bug, the attackers need local user access to the system with the buggy driver.
“While we haven’t seen any indicators that this vulnerability has been exploited in the wild up till now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action,” concludes Amir urging users of the affected devices to patch their drivers immediately.