SentinelLabs has discovered a severe escalation of privilege vulnerability in a printer driver used by HP, Samsung and Xerox devices since 2005 – affecting over 390 printer models and millions of computers.
The vulnerable driver gets installed on Windows systems without any user intervention, simply by plugging in a printer with a USB cable or starting (and then quitting) the printer management software. Tracked as CVE-2021-3438, the vulnerability lies in a kernel driver and can enable a standard user to escalate their privileges to the SYSTEM account on Microsoft Windows and run arbitrary code in kernel mode.
HP has issued a security advisory, and updated drivers are available for both HP and Samsung printers. (HP acquired the Samsung printer business in 2017.)
Xerox has issued their own security advisory which lists the dozen printer models affected from their range and provides links for updated drivers.
Third-party drivers, like those used by printers, are not necessarily included in the Windows Updates that Microsoft ships on the first Tuesday of each month; whether they are depends on the filters that determine which categories of updates are installed automatically. (SentinelOne reports, however, that this particular driver is included within the Windows Update system.)
Network Managers may want to check whether the drivers have already been updated automatically and, if not, arrange to install them manually on affected systems in order to resolve the vulnerability.
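One way to run that check on a Windows machine is sketched below. It is an added example, not code from HP, Xerox or SentinelLabs. The function name `Get-PrinterVendorDriver` and the `$advisoryDate` placeholder are assumptions, and the driver date is used only as a rough proxy for "updated", so confirm flagged entries against the version listed in the vendor advisory.

```powershell
# Added example: list installed drivers published by the vendors named in this
# article and flag any dated before the fixed release for manual review.
function Get-PrinterVendorDriver {
    param(
        # Release date of the updated driver, taken from the vendor advisory.
        [Parameter(Mandatory)][datetime]$FixedOn
    )

    # Vendor names as they may appear in the provider or manufacturer fields.
    $vendors = '\b(HP|Hewlett|Samsung|Xerox)\b'

    Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { "$($_.DriverProviderName) $($_.Manufacturer)" -match $vendors } |
        ForEach-Object {
            [pscustomobject]@{
                Computer    = $env:COMPUTERNAME
                Device      = $_.DeviceName
                Class       = $_.DeviceClass
                Provider    = $_.DriverProviderName
                Version     = $_.DriverVersion
                DriverDate  = $_.DriverDate
                InfName     = $_.InfName
                # A missing date is treated as "needs review" rather than "fine".
                NeedsReview = (-not $_.DriverDate) -or ($_.DriverDate -lt $FixedOn)
            }
        }
}

# PLACEHOLDER date: replace with the release date given in the HP or Xerox
# advisory for your model. Until then every matching driver is flagged.
$advisoryDate = [datetime]'2099-12-31'

Get-PrinterVendorDriver -FixedOn $advisoryDate |
    Sort-Object NeedsReview -Descending |
    Format-Table Computer, Device, Class, Provider, Version, DriverDate, NeedsReview -AutoSize
```

The vendor filter also matches non-printer hardware from the same manufacturers, so use the `Class` and `Device` columns to narrow the output to printing devices.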