Advertisement


Advertisement

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
General News Millions of Windows PCs Vulnerable to 20-Year-Old Bug
#1
Advertisement
[Image: printer_samsung_pixabay.jpg]

HIGHLIGHTS

*The vulnerability dates back to Windows 95
*Microsoft's security update comes is for Windows Vista and later
*Windows XP and earlier versions remain exposed

A 20-year-old vulnerability that exists in the Windows Print Spooler process can potentially affect millions of Windows PCs, all the way back to Windows 95. While Microsoft has issued a patch for Windows Vista and later operating systems, earlier versions are still vulnerable.

The critical vulnerability is based on the way Windows machines interact with network printers, and could allow an attacker to gain elevated privileges to execute malicious code at the system level over either a local network or even the Internet.

The Windows Print Spooler manages the process of connecting the laptop/ PC to available network-hosted printers. It automatically downloads necessary drivers immediately, to avoid manual hassle, and this failure to authenticate made it possible for attackers to trickle malicious drivers into the mix.

Researchers from Vectra Networks discovered the critical vulnerability (CVE-2016-3238 and CVE-2016-3239), and claims that this failure to authenticate installation of drivers can allow illegitimate and malicious drivers to be downloaded. Once this happens, the entire network could be compromised. "Not only will that unit be able to infect multiple machines in your network, but it would also be able to re-infect [them] over and over. Finding the root cause might be harder since the printer itself might not be your usual suspect. This situation comes to life because we end up delegating the responsibility of holding the driver safely to the printer, and those devices might not be as secure or impregnable as one would hope," Vectra researcher Nick Beauchesne wrote in a blog post.

Equipped with system-level controls, the malware can spread laterally from one machine across an entire network as well. Vectra added that printers, printer servers, or any network-connected printer into an "internal drive-by exploit kit." Apart from watering hole attacks, the team detailed privilege escalation exploits, a man-in-the-middle attack, and even the ability to infect other devices over the Internet.

Vectra claims that this vulnerability dates back to as far as Windows 95, and Microsoft's new patch, detailed in its Security Bulletin MS16-087, rated the vulnerability as critical for all supported Windows versions, and issued a Security Update for Windows Print Spooler Components for Windows Vista and later versions. If you don't have Windows Update turned on, now is a good time to do so.

Notably, security expert HD Moore informed Ars Technica that the Microsoft security update in fact '"doesn't really close the code-execution hole, but rather it merely adds a warning as part of the update."

The update doesn't work for PCs running on Windows XP and earlier, as Microsoft ended support for these versions years ago. This means that millions of PCs are still vulnerable. As such, the malware threat is more susceptible to public printers, or loosely-protected office networks.

Moore adds, "This is mostly a risk for BYOD laptops within a company, folks using personal laptops on public networks, and corporate networks where the group policy explicitly enables this feature. Convincing someone to add a printer might be tricky, but there may be other ways to drive that behaviour through other network attacks, such as by hijacking HTTP requests and telling the user to do so."

Source:
___________________________________________
Airtel Digital HD Recorder / Kerala Vision Digital TV
Reply
Thanks given by:
Advertisement
Advertisement




Possibly Related Threads...
Thread Author Replies Views Last Post
  General News: Microsoft Windows 10 May 2019 Update announced; will put you in control of updates nairrk 0 466 04-06-2019, 11:47 AM
Last Post: nairrk
  General News: Google Chrome 70 is rolling out for Windows, Mac, and Linux.. nairrk 0 566 10-18-2018, 06:39 PM
Last Post: nairrk
  General News: Microsoft Office 2019 released for Windows and Mac nairrk 0 537 09-25-2018, 12:33 PM
Last Post: nairrk
  General News: Microsoft News, the revamped MSN news is rolling out for Windows 10, iOS, Android.. nairrk 0 462 06-21-2018, 11:20 AM
Last Post: nairrk
  General News: Microsoft's SwiftKey keyboard app coming to Windows 10 soon nairrk 0 486 06-15-2018, 11:18 AM
Last Post: nairrk
  General News: Twitter adds new features to web and Windows app, killing some other apps nairrk 0 449 05-23-2018, 07:27 PM
Last Post: nairrk
  General News: Microsoft to unveil new Outlook designs for Mac and Windows nairrk 0 501 05-02-2018, 07:18 AM
Last Post: nairrk
  General News: Microsoft unveils Windows 10 April update nairrk 1 524 04-30-2018, 07:29 PM
Last Post: nairrk
  General News: Twitter releases new emoji for Tamil, Malayalam new year Puthandu, Vishu nairrk 0 597 04-13-2018, 07:02 PM
Last Post: nairrk
  General News: Microsoft will discontinue Windows '10 S', special 'S Mode' to take its place nairrk 0 565 03-08-2018, 06:57 PM
Last Post: nairrk

Forum Jump:


Users browsing this thread: 1 Guest(s)
Advertisement