Whenever software is updated, security experts are usually pretty quick to spot flaws that could lead to malware infections, aided by various bug bounties and the like. Some potential flaws however slip through the net for days, weeks, months, years and – very rarely – decades. Vectra Networks has found one such flaw that dates back around 20 years.
The problem originates in Windows Print Spooler – part of the operating system’s software which (as the name suggests) deals with the printing process. The problem is that the spooler doesn’t bother to verify whether a printer’s drivers are legitimate when a printer is plugged in, meaning that it’s possible for malicious types to slip their own nasty drivers on to the computer without raising any flags within Windows. Not only that, but it can infect any computers on the network and keep infecting machines as they discover the dodgy printer.
Microsoft has been very quick at getting a patch out of the door, so as long as you’re using Windows Vista or later, this old bug can finally be shut down. The only likely weakspot is Windows XP, which some 10% of computers are still using – and plenty of those in the public sector. Microsoft no longer supports Windows XP, meaning plenty of newly discovered threats go unpatched on the venerable old operating system.
As threats go, this one is pretty limited given it needs an attacker to actually attach a printer to the network, which is hard to do stealthily, but forearmed is forewarned.
Images: gosheshe and Kevin Cortopassi used under Creative Commons