Microsoft has just fixed a bug that allowed you to use the print management service to infect all the computers connected to a network. The exploit has been on for about 20 years.
In the past two decades, Windows has provided the ability to install malware through a bug present in the printer management system. By connecting the personal computer to potentially infected printers, or other devices disguised as printers, over a local network you could expose any system with any version of the operating system to a severe malware risk. Microsoft has finally fixed the bug within the usual Patch Tuesday.
Wednesday we talked about the release of Windows 10 build 10586.494, bringing the news of a security to update in Microsoft Print Spooler service. The vulnerability of which we speak was present there, in the service that actually allows you to connect a printer to the system and print documents. The Point-and-Print allows you to automatically download drivers needed later to connect a printer hosted on a network for the first time.
To function properly stores the necessary files to a printer or print server, the user removing the hassle of having to manually download and install the appropriate driver for your systems. The pitfall was hiding in this part of the system, and to discover it were Vectra Networks security researchers who say that the signature Windows Print Spooler was not able to properly authenticate the printer drivers when you installed remotely.
This allowed for any external aggressors to use different techniques to deliver to the modified driver service, and not the legitimate ones provided by the manufacturer. The exploit allows you to transform printers, print servers, or any other device connected to the printer by network camouflaged in a sort of drive-by exploit kits that can infect all the machines connected to your network.
” Not only, this unit is able to infect the machines connected on your network, but may be able to infect over and over again,” writes Nick Beaucjesne on the official post found on the Vectra Networks website. ” Finding the root cause can be difficult since the printer itself is not usually the first suspect in such cases “.
Microsoft has already released a patch in the Patch Tuesday of last Tuesday, so those who use the latest company’s operating systems one is safe. The exploit has been active for about 20 years and is also present on older versions of the operating system such as Windows XP, which are no longer supported officially by the company. This leaves exposed millions of computers around the world, especially those operating public networks.
It is not easy that an external user can enter into the house of others and connect an external device to the local network, but the flaw undoubtedly exposes public hotspots, local networks of offices poorly supervised and in all circumstances in which you can connect external devices without capture the attention of the owners. In all cases, it is recommended to update the devices to the latest version, or install the stand-alone patches found on this page.