Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug

Security experts have found a severe vulnerability in a common printer driver used by HP, Xerox, and Samsung.

The bug, tracked as CVE-2021-3438, has been present in the printer driver code since 2005 and impacts hundreds of millions of printers sold in the past 16 years.

"This vulnerability affects a very long list of over 380 different HP and Samsung printer models as well as at least a dozen different Xerox products," said Asaf Amir, a SentinelOne security researcher who discovered the issue and reported it to the affected companies in February this year.

Patches have been available for at least two months, but Amir has published his own report today to warn users about the severity of this vulnerability.

Described as a buffer overflow in a printer driver file called "SSPORT.SYS," the bug could be abused for elevation of privilege attacks that allow locally installed malware or malicious code to gain ADMIN-level access to systems where the vulnerable driver is installed (an affected printer is connected).

"Among the obvious abuses of such vulnerabilities are that they could be used to bypass security products," Amir said.

"Successfully exploiting a driver vulnerability might allow attackers to potentially install programs, view, change, encrypt or delete data, or create new accounts with full user rights," the researcher added.

Furthermore, Amir also points out that some Windows systems may already have the vulnerable printer driver installed on their machines even without the user's knowledge, something that happened when users connected one of the vulnerable printer models (see HP and Xerox advisories) to their systems, and the driver was delivered via Windows Update.

Amir recommended that users check to see if their printer model is listed in the advisories and then install the latest printer driver update from the vendor's website.

SentinelOne's discovery comes two months after the security firm also found a 12-year-old vulnerability in Dell's DBUtil driver that could be abused in similar elevation of privilege attacks.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.