Microsoft Patches 20-Year-Old Critical Printer Vulnerability

Microsoft this week patched more than 40 vulnerabilities in Internet Explorer, Edge, Office, and other products, including a 20-year-old issue that made Windows computers vulnerable to botched printers.

Printers have been one of the oldest Internet of Things (IoT) components of enterprise networks and represent a powerful attack vector for cybercriminals, given the large number of vulnerabilities that researchers have discovered in them over time. Recently, researchers discovered that it’s not only the printers themselves that are vulnerable, but Windows systems connecting to these printers are flawed too.

Security researchers at Vectra Threat Labs recently discovered two security issues affecting the Windows Print Spooler Components and say that they allow an attacker to compromise systems via the printer itself. These are a remote code execution flaw (CVE-2016-3238) and an elevation of privilege vulnerability (CVE-2016-3239), both of which were patched by Microsoft this Tuesday.

The bad news, researchers say, is that CVE-2016-3238 is a Critical vulnerability that affects all Windows versions dating back to Windows 95.

“The vulnerability involves the way that client devices interact with network printers, and allows an attacker to execute code at system level either over a local network or the Internet,” Vectra researchers reveal.

In the MS16-087 security bulletin that was published on Tuesday, Microsoft explained that the vulnerability exists because the Windows Print Spooler service does not properly validate print drivers while installing a printer from servers. An attacker exploiting the flaw can take control of an affected system and can install programs, access and modify user data, or create new accounts with full user rights, Microsoft says.

According to Vectra’s researchers, the issue relies on the manner in which devices connect to printers on the network. Instead of pushing all the needed printer drivers to all workstations, the user is directed to the nearest printer and only that driver is installed. Called Point-and-Print, this approach works great from a user perspective, but it is flawed, because it leverages an exception where the driver for the printer is fetched without warning the user.

Basically, researchers say, the workstation grabs an executable from a shared drive and installs it without a User Account Control (UAC) prompt showing up. An attacker could abuse this exception and push its own malicious code to the compromised machine, researchers say.
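
On managed Windows clients, the Group Policy "Point and Print Restrictions" controls whether a warning and elevation prompt appear when a driver is installed or updated from a print server. The following added example (not from the article, Vectra, or Microsoft) audits that policy from `reg query` output collected from clients; the sample outputs, host names, and the treatment of missing values as "prompts shown" are assumptions.

```python
import re

# Values written by the "Point and Print Restrictions" Group Policy under
# HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint.
LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

# Constructed `reg query` output from two hypothetical clients.
SAMPLE_WEAK = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
    TrustedServers    REG_DWORD    0x0
    NoWarningNoElevationOnInstall    REG_DWORD    0x1
    UpdatePromptSettings    REG_DWORD    0x2
"""
SAMPLE_STRICT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
    TrustedServers    REG_DWORD    0x1
    ServerList    REG_SZ    print01.corp.example;print02.corp.example
    NoWarningNoElevationOnInstall    REG_DWORD    0x0
    UpdatePromptSettings    REG_DWORD    0x0
"""

def parse_reg_query(text):
    """Parse `reg query` output into {value_name: int or str}."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # skips the key-path header and blank lines
            name, kind, data = m.groups()
            values[name] = int(data, 16) if kind == "REG_DWORD" else data.strip()
    return values

def audit_point_and_print(values):
    """List settings that let a printer driver install or update unprompted."""
    findings = []
    # Assumption: a missing value means the default (0), prompts are shown.
    if values.get("NoWarningNoElevationOnInstall", 0) != 0:
        findings.append("install: no warning or elevation prompt")
    update = values.get("UpdatePromptSettings", 0)
    if update == 1:
        findings.append("update: warning only, no elevation prompt")
    elif update == 2:
        findings.append("update: no warning or elevation prompt")
    servers = [s for s in str(values.get("ServerList", "")).split(";") if s]
    if findings and not (values.get("TrustedServers", 0) == 1 and servers):
        findings.append("scope: no trusted print server list enforced")
    return findings
```

A client with no findings still needs the MS16-087 update; the audit only reports whether local policy suppresses the prompts.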

To test this assumption, the researchers compromised the printer first, to point the workstation to the malicious executable, and revealed that this was easy to achieve, because “it was not too hard to find a bug that provided access to the underlying system.” Other attack scenarios are also possible, including backdooring a printer or print server, creating a fake print server, using a MitM attack to inject a backdoored driver instead of the real one, and more.

What’s more, the vulnerability can be abused from the Internet (remotely) as well, by leveraging the Internet printing protocol (IPP) and webpointNprint. “IPP allows for the same mechanism to load driver from the printer,” researchers reveal. 

Also this week, Adobe patched Critical issues in Flash, Acrobat, and Reader, while SAP resolved Clickjacking vulnerabilities affecting many of its products.
