Vectra Networks has found an old, longstanding vulnerability in Windows, and it comes from a rather unexpected source. Printers.
Way back in 2007, an eternity ago in the world of tech, Microsoft introduced a convenient new feature that was widely lauded by network administrators. This service called Microsoft Web Point-and-Print stated its purpose was to make resource management easier for IT staff. Rather than having to manually add a printer to each PC in a given office, the new web service allowed for automatic delivery of appropriate printer drivers to any printer in the vicinity of any given PC.
It’s fast and convenient, but there’s just one problem. The driver’s digital signature isn’t verified by any security process, and it’s given high level access privileges to the network.
That’s a recipe for disaster. If an exploit can be found in any given printer driver that allows malware insertion into the code, and the physical printer itself can be accessed, neither of which presents any great challenge to a determined hacker, then the malware can be made to spread automatically to any PC within range of the printer.
It gets worse though. Hackers could actually deliver the attack via the web through, for example, a page that offered a thoughtfully updated printer driver for the printer you’re using. Again, once infected, even if a particular user deletes the driver from their PC, they’ll get automatically re-infected, every time they print to the printer in question.
As disturbing as that sounds, there are actually two easy fixes for it. First, Microsoft has already developed and rolled out a patch (MS16-087), and second, the feature can simply be turned off, if you don’t want to take the chance that other such exploits will inevitably be found in the Point-and-Print service.
One thing is certain: While this may be the first vulnerability found in the Point-and-Print service, it won’t be the last. Now that the word is out, you can bet we’ll be hearing much more about attacks on this front.