SentinelOne, a cybersecurity company, discovered that some drivers installed by HP, Samsung, and Xerox printers come with a severe security vulnerability.
Luckily, the vulnerable drivers have already been patched.
Are you in danger?
If you have or had a vulnerable printer, if you have a Windows PC, then this security bug may be relevant to you. Those who have a vulnerable driver on their computer should download and install a new, updated version.
You might not need to, because as SentinelOne says, Windows automatically installs new drivers for you. Check if you have the latest Windows updates installed.
The lists of affected printers and the fixed drivers are here:
- HP and Samsung printers, you can search for your printer model and download the new driver here
- Xerox printers and the patched driver
Find out what printer you have and, if you need to, download the patched driver.
Importantly, only download the driver update by using Windows Update or from the websites of the manufacturers of your devices. Avoid driver update sites and third-party updaters like the plague – even antivirus scanners flag them.
What’s the vulnerability?
According to SentinelOne, malicious actors could abuse the vulnerability in these printer drivers to do almost anything on the infected computer, such as install new programs.
At the same time, the security vendor didn’t find an obvious way to take advantage of the bug. There’s also no mention of any malware that might be abusing the bug right now.
Now that malicious actors know about the bug, they might create malicious software that takes advantage of it. But if you patch your driver quickly, you’ll be safe.
In theory, if this driver bug were to be abused, it could be used for all sorts of malicious attacks:
- download and upload files,
- install programs,
- steal data, such as login tokens and passwords saved in your browser.
If your computer didn’t have the vulnerable driver, then this is not relevant to you. And if you did have the driver, you still don’t need to be scared of this vulnerability, provided you update the driver with the patched version.
How do drivers work?
Printers, like other devices on our computers, require drivers to function. Drivers are like tiny programs that run on our computers. They help devices and the computer talk to each other.
A printer driver gets installed when you connect a printer to your computer. The driver runs in the background, even when you’re not using your printer.
All the other devices have their own drivers, too: mouse, keyboard, graphics card, etc.
How can you protect yourself?
Normally, we users don’t need to care about drivers. Most of them are automatically updated in the background as needed. And this is true in the case of printers, as Windows Update should have installed the updated driver on all the vulnerable systems that allow automatic updates.
Drivers don’t often come up in cybersecurity. Actually, Microsoft was recently tricked by cybercriminals to sign a malicious driver that was used to infect computers with spyware.
However, it’s not that simple. Just like with this particular printer debacle, cybercriminals need to access your computer to harm it in some way. It means chaining multiple security flaws (such as in the case of PuzzleMaker) or convincing you to download and run malware yourself (such as with deceptive ads). As long as you’re careful, install updates without delay, and have good antivirus protection, you should be safe.