#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 5°C Sunday 11 April 2021

Windows has a 20-year-old flaw that lets printers install malware on your PC

Thankfully, a patch for it has been released.

Image: Shutterstock/jannoon028

MOST OF THE time, any flaw or bugs that pop up on your computer come from new updates or changes.

In the case of Windows, a flaw which allowed attackers to secretly install malware on computers through a printer, either directly or through a local area network, has been around for the good part of two decades.

The issue comes from Windows Print Spooler, which manages the process of connecting to printers and queuing up documents for printing.

As it doesn’t verify whether a printer’s drivers are the real deal or not, it’s possible for someone to connect a printer and it will install and work automatically. This gives an attacker an easy way to install malware through it.

The flaw was originally discovered by security firm Vectra, which found that one attack gave it “system rights on any workstation that connect to your printer”.

On a print server, cups or Microsoft, we could expect to have anti-virus, file integrity check, or other solution to monitor the host and change to it.  However, a printer driver is much less likely to have any of those defenses in place. Not only will that unit be able to infect multiple machines in your network, but it would also be able to reinfect over and over.

The saving grace is that for it to work, the attacker needs to connect the device to a PC or a local network for it to start infecting anyone, meaning the threat is limited to public hotspots and other similar situations.

Microsoft has issued a patch fixing the issue so if you’re using Windows Vista, 7, 8 or 10, you can install it now. Those who are still using older versions like Windows XP, which you shouldn’t be for a multitude of reasons, aren’t covered.

There is still a sizeable number of PCs running XP – it’s believed that close to 10% of computers worldwide still use it.

While exploiting such a flaw like the one above is challenging, it does highlight how you shouldn’t just automatically connect to a hotspot or printer server without taking a few precautions.

Read: Photo apps are in a rut, but these two might shake things up a bit >

Read: A US holocaust museum is asking Pokémon Go players to keep away >

About the author:

Quinton O'Reilly

Read next: