ANNOUNCEMENT: Security On-Demand Announces ThreatWatch Response and Remediation Service | SEE RELEASE
HR Photos for Marina

High Severity Flaw in HP, Xerox and Samsung Printers

Event Summary

Sentinel Labs discovered a vulnerability that affects HP, Xerox and Samsung printers. This vulnerability could allow for privilege escalation via the vulnerable printer driver and could allow threat actors to install programs, view, change, encrypt, or delete data, or create privileged accounts.  Samsung, Xerox and Hewlett-Packard have provided patches to address this vulnerability.  While there is no evidence of this vulnerability being exploited, it is a critical vulnerability and should be addressed as soon as possible via the approved patches provided by the device vendors.

Details

NIST CVE-2021-3438

The vulnerability exists in the printer driver SSPORT.SYS.   This driver is installed by running printer software, regardless of the installation being completed or not.  This includes printer configurations that work wirelessly or via a USB cable.

Based on available information This driver may sometimes come pre-installed in Windows systems and will be re-enabled when the OS is restarted.

To take advantage of this vulnerability, threat actors need to gain a foothold on a target device.  Once achieved, the actor can utilize basic user privileges to escalate to SYSTEM privileges and run code in kernel mode, potentially bypassing security controls that would normally block attacks or the delivery of malicious payloads.

Recommendations

Vendors have released patches to address this vulnerability.  It is recommended to go to the vendors website and check the list of affected printers to determine if a patch needs to be applied. More information for Hewlett-Packard and Samsung devices can be found here, and Xerox here.   Security On-Demand recommends routinely applying vendor provided patches to all systems.

SOD Actions

The Security On-Demand Threat Recon Unit will continue to monitor these events and will provide any critical updates as more information is provided.  Please contact us if you have any questions.

Sources

NIST CVE-2021-3438

Hewlett Packard Security Advisory – Affected HP and Samsung Device Information

Xerox Security Advisory – Xerox Affected Devices

Sentinel Labs Report and Findings