Professional Documents
Culture Documents
20-Year-Old Windows Bug Lets Printers Install Malware-Patch Now - Ars Technica
20-Year-Old Windows Bug Lets Printers Install Malware-Patch Now - Ars Technica
20-Year-Old Windows Bug Lets Printers Install Malware-Patch Now - Ars Technica
20-year-old
Windows bug lets
printers install
malware—patch
now
Critical vulnerability in all versions opens
users to printer watering hole attacks.
DAN GOODIN - 7/13/2016, 7:58 PM
Vectra Networks
Enlarge
Watering hole
attacks
Security expert HD Moore, who is
principal at a firm called Special
Circumstances, told Ars that there
are a variety of ways attackers can
go about exploiting the
vulnerability. One method is to
connect a laptop or other portable
device that falsely advertises itself
as a network printer. When people
on the same network connect to it,
the device can be set up to
automatically deliver a booby-
trapped driver. Another approach
is to monitor traffic set to a
legitimate network printer and wait
for a victim to add the printer to
their system. The attacker would
then hijack the request for the
printer drivers and respond with a
malicious driver.
Promoted
Comments
Xelas/ Ars Tribunus JUMP TO
Militum
POST
fuzzyfuzzyfungus wrote:
Does anyone know why
print servers have never
managed to adopt a sane
abstraction layer, despite
there being some obvious
candidates to work with?
However, if a client
computer is printing via a
print server, there is no
need for it to know about
that; just to send the job to
the server and let it handle
the matter(or, alternately,
you could have the server
DAN GOODIN
Dan is the Security Editor at
Ars Technica, which he joined
in 2012 after working for The
Register, the Associated
Press, Bloomberg News, and
other publications.
EMAIL
dan.goodin@arstechnica.com
// TWITTER @dangoodin001
Related Stories
Today on Ars
CNMN Collection
WIRED Media Group
Use of this Site constitutes acceptance of our User Agreement (effective 1/2/14) and Privacy Policy (effective 1/2/14), and Ars
Technica Addendum (effective 5/17/2012). View our Affiliate Link Policy. Your California Privacy Rights. The material on this site
may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé
Nast.