New Cyber Defense Brand DeepSeas to Unite Newly Acquired Commercial Managed Threat Services Business from Booz Allen Hamilton with Security On-Demand. Learn More

Schedule a demo

Threat Advisory: High Severity Flaw in HP, Xerox and Samsung Printers

Peter Bybee

Peter Bybee

High Severity Flaw in HP, Xerox and Samsung Printers

Event Summary

Sentinel Labs discovered a vulnerability that affects HP, Xerox and Samsung printers. This vulnerability could allow for privilege escalation via the vulnerable printer driver and could allow threat actors to install programs, view, change, encrypt, or delete data, or create privileged accounts.  Samsung, Xerox and Hewlett-Packard have provided patches to address this vulnerability.  While there is no evidence of this vulnerability being exploited, it is a critical vulnerability and should be addressed as soon as possible via the approved patches provided by the device vendors.

Details

NIST CVE-2021-3438

The vulnerability exists in the printer driver SSPORT.SYS.   This driver is installed by running printer software, regardless of the installation being completed or not.  This includes printer configurations that work wirelessly or via a USB cable.

Based on available information This driver may sometimes come pre-installed in Windows systems and will be re-enabled when the OS is restarted.

To take advantage of this vulnerability, threat actors need to gain a foothold on a target device.  Once achieved, the actor can utilize basic user privileges to escalate to SYSTEM privileges and run code in kernel mode, potentially bypassing security controls that would normally block attacks or the delivery of malicious payloads.

Recommendations

Vendors have released patches to address this vulnerability.  It is recommended to go to the vendors website and check the list of affected printers to determine if a patch needs to be applied. More information for Hewlett-Packard and Samsung devices can be found here, and Xerox here.   Security On-Demand recommends routinely applying vendor provided patches to all systems.

SOD Actions

The Security On-Demand Threat Recon Unit will continue to monitor these events and will provide any critical updates as more information is provided.  Please contact us if you have any questions.

Sources

NIST CVE-2021-3438

Hewlett Packard Security Advisory – Affected HP and Samsung Device Information

Xerox Security Advisory – Xerox Affected Devices

Sentinel Labs Report and Findings

RECOMMENDED POSTS

70% of threats today cannot be detected using static cyber security tools. Security On-Demand’s ThreatWatch® platform can detect the advanced threats that most providers miss. 

Detect Early. Respond Early.

sales@securityondemand.com

SERVICES

ABOUT

SIGN-UP FOR FREE THREAT FLASH ALERTS

FOLLOW US

Twitter-square Linkedin Facebook Youtube

© 2014-2022 Security On-Demand. All Right Reserved