The bug could allow cyber attackers to bypass security products, tamper with data and run code in kernel mode.

Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines.

If exploited, cyber attackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights.

The bug (CVE-2021-3438) has lurked in systems for 16 years, but was only uncovered this year. It carries an 8.8 out of 10 rating on the CVSS scale, making it high-severity.

How to Fix the HP Printer-Driver Bug?

Because the bug has existed since 2005, it affects a very long list of printer models, researchers noted. Affected models and associated patches can be found here:

https://support.hp.com/us-en/drivers/printers

https://securitydocs.business.xerox.com/wp-content/uploads/2021/05/cert_Security_Mini_Bulletin_XRX21K_for_B2XX_PH30xx_3260_3320_WC3025_32xx_33xx.pdf

Device-driver vulnerabilities are not uncommon. The team at Goliath Solutions Group suggests reducing the attack surface with some best practices, including enforcing strong access control lists (ACLs), which control access to packages, folders, and other elements (such as services, document types and specifications) at the group level. It is also a good idea to verify user input and to avoid exposing a generic interface to kernel-mode operations.

Goliath Solutions Group is your Trusted Cyber Advisor working to help your Organization drive to a Pro-Active state.
