University Herald News | 15 July 2016
The security flaw enabled malicious users to covertly install a hand-picked malware on computers that connect to fake printers or devices that pose as printers. Vectra Networks security experts found that the issue dwells in the Windows Print Spooler component that connects to available printers.
Industry pros consider widespread affects of Windows printer flaw
SC Magazine | 14 July 2016
Discovered by researchers at Vectra, the flaw allows any printer or device that mimics a printer to install malware on computers on a local area network. The print spooler does not authenticate printer drivers, allowing attackers to infect multiple computers on the network and continue to infect other devices as they discover the driver.
A 20-year-old printer vulnerability left Windows exposed to malware
Digital Trends | 14 July 2016
Security company Vectra publicized the decades-old vulnerability that takes advantage of an authentication error in the printer installation process. According to Vectra, the Windows Print Spooler never thoroughly authenticated drivers, allowing attackers to spoof the system and install malware.
Microsoft patches 20-year-old critical Windows printing bug
Digital Journal | 14 July 2016
Vectra contacted Microsoft with details of the vulnerability. A "critical" fix has been released for all supported versions of Windows. Windows Print Spooler now writes to the file system in a safer way and warns users who attempt to install untrusted printer drivers.
20-year-old Windows printer security vulnerability discovered
Übergizmo | 14 July 2016
This bug is actually a security vulnerability that was discovered in the Windows Print Spooler software. If the printer is connected to a network, like in an office, it could potentially spread to other PCs on the same network as well, infecting all of them in the process.
Microsoft issues new Windows 10 preview build, patches critical flaws
NewsFactor | 14 July 2016
Described as a "watering hole" attack, the 20-year-old printer vulnerability was identified and analyzed by security researcher Nick Beauchesne. Noting that Microsoft worked with the cybersecurity firm Vectra Networks to investigate the vulnerability, Beauchesne posted an analysis of his findings on Vectra's website.
Pwned by your printer! Microsoft patches critical printer spooler bug
Sophos | 14 July 2016
The hole was reported to Microsoft by security researchers from Vectra Networks, and it’s one of those bugs about which you can’t help thinking, “Golly gosh, that should never have happened.” Fortunately, as far as we know, Vectra was the first company to figure this one out, and disclosed it responsibly to Microsoft, which has now issued a patch.
20-year-old Windows printer flaw exposes you to malware
The Inquirer | 14 July 2016
Vectra looked into the printer installation process in a number of different versions of Windows and found a common problem that is old enough to remember when Kanye West was just a rapper.
InformationWeek | 14 July 2016
"So in the end, we have a mechanism that allows the downloading of executables from a shared drive, and run them as a system on a workstation without generating any warning on the user side," wrote Nicolas Beauchesne, senior threat researcher at Vectra Networks.
Engadget | 14 July 2016
Researchers at Vectra discovered a roughly 20-year-old flaw in Windows Print Spooler (which oversees the printing process) that lets attackers slip malware on to a PC. The spooler doesn't verify that a printer's drivers are legitimate so it's possible for attackers to install maliciously-coded drivers thorough the Internet or the printer itself.
Microsoft fixes decades-old printer bug in Windows
PC Magazine | 14 July 2016
The primary problem is that an attacker could compromise a printer – a not-so-secure device, Vectra notes – which then allows the printer to distribute malware disguised as system-level printer drivers. Attackers then gain access to the infected system to spread malware to anyone else foolish enough to try connecting to the printer.
Microsoft patches 20-year-old critical printer vulnerability
SecurityWeek | 14 July 2016
Security researchers at the Vectra Threat Labs recently discovered two security issues affecting the Windows Print Spooler components and say that they allow an attacker to compromise systems via the printer itself. These are a remote code execution flaw and an elevation of privilege vulnerability, both of which were patched by Microsoft.
Hunting the snark with machine learning, artificial intelligence and cognitive computing
SecurityWeek | 14 July 2016
Vectra CSO Günter Ollmann explains that the unsupervised learning element comes from first baselining the network’s usual behavior. The system then monitors for any abnormal behavior on the network. It can be aided, he added, with "hints," or manually labeled events – but basically it works on its own.
Ready to print? Here's malware instead
infoRisk Today | 14 July 2016
"Microsoft is pretty much between a rock and a hard place," Nicolas Beauchesne, senior security researcher with Vectra, says. "Printer vendors have yet to agree on a printing standard or in some cases, to even sign their drivers. Ensuring that every driver is signed would break older printers until their respective vendors deploy new drivers for all their models."
Ancient Windows printer flaw exposes you to malware
IT Security Guru | 14 July 2016
Researchers at Vectra Networks have discovered a roughly 20-year-old flaw in Windows Print Spooler (which oversees the printing process) that lets attackers slip malware on to a PC. As the spooler doesn’t verify that a printer’s drivers are legitimate when you plug the hardware in, it’s possible for attackers to install maliciously-coded drivers thorough either the internet or the printer itself.
Alphr | 14 July 2016
Whenever software is updated, security experts are usually pretty quick to spot flaws that could lead to malware infections, aided by various bug bounties and the like. Some potential flaws however slip through the net for days, weeks, months, years and - very rarely - decades. Vectra Networks has found one such flaw that dates back around 20 years.
Hackers can take over your PC through your printer
ITProPortal | 14 July 2016
"This research underscores the many possibilities that IoT devices, like printers, present to attackers," said Vectra CSO Günter Ollmann. "Such devices are rarely assessed for security flaws, backdoors, or as watering hole threats, and represent a growing blind spot for both corporate and home networks."
Windows warning: This 20-year-old glitch could leave you vulnerable to malware
Daily Express | 14 July 2016
Researchers at Vectra Networks have unearthed a 20-year-old flaw in Windows Print Spooler, used to oversee the printing process from Microsoft desktop and laptop machines, that leaves machines open to attackers. According to Vectra Networks, the Print Spooler does not check whether a printer's drivers are legitimate as you plug in the hardware.
Kritische Sicherheitslücke in Windows
IT Administrator | 14 July 2016
Gravierende Sicherheitslücke in Microsoft Windows: Die IT-Sicherheitsexperten von Vectra Networks haben ein Sicherheitsleck entdeckt, das alle Microsoft Windows Anwender betrifft, die einen Drucker nutzen. Dieses ermöglicht Hackern, mit relativ einfachen Mitteln, Computer innerhalb eines Netzwerkes automatisch mit Schadsoftware zu infizieren, sobald sich diese mit einem Drucker verbinden.
Kritische Windows-Lücke: Drucker können Malware einschleusen
ZDNet | 14 July 2016
Vectra Networks hat seine jüngsten Ergebnisse des Vectra Threat Labs veröffentlicht. Das berichtet das Online IT- und Business Magazin ZDNet. Die Experten der Forschungseinrichtung haben eine kritische Sicherheitslücke bei Microsoft Windows entdeckt, die es Hackern mithilfe von infizierten oder fingierten Druckertreibern ermöglicht, die Systemkontrolle über Computer innerhalb eines Netzwerks zu erlangen.
Sicherheitslücke in Windows ermöglicht Malware-Ausbreitung via Netzwerkdrucker
Datensicherheit.de | 14 July 2016
Die Forscher des Sicherheitsexperten Vectra Networks haben ein kritisches Sicherheitsleck in Microsoft Windows entdeckt. Dieses ermöglicht Hackern, mit relativ einfachen Mitteln, Computer innerhalb eines Netzwerkes automatisch mit Schadsoftware zu infizieren, sobald sich diese mit einem Drucker verbinden.
Microsoft patches remote flaw dating back to Win 95
iTWire | 13 July 2016
Among the critical flaws the most severe was one which affects all versions of Windows back to Windows 95 and involves the way that client devices interact with network printers. Theoretically, an attacker could use this hole to execute code at system level either over a local network or the Internet.
Microsoft splats bug that turns printers into drive-by exploit kits
Help Net Security | 13 July 2016
“The problem is these are system-level drivers housed on printers, which themselves are not typically well-secured. So we have a weakly secured device that talks to nearly every Windows end-user device and is trusted to deliver a system-level driver without checks or warnings,” says Wade Williamson, Vectra director of threat analytics.
20-year-old Windows bug lets printers install malware
Help Ars Technica | 13 July 2016
"Not only will that unit be able to infect multiple machines in your network, but it would also be able to re-infect [them] over and over," Vectra senior threat researcher Nick Beauchesne wrote in a blog post detailing the vulnerability. "Finding the root cause might be harder since the printer itself might not be your usual suspect."
It's 2016 and Windows lets crims poison your printer drivers
The Register | 13 July 2016
Among the Microsoft messes fixed in latest round of Patch Tuesday updates is a doozy that lets remote attackers compromise Windows machines thanks to a critical security vulnerability affecting printer drivers. Vectra CSO Günter Ollmann described the exploit as a "powerful" watering hole attack that helps hackers move easily to other hosts.
Sicherheitslücke lässt Drucker Malware verteilen
Golem.de | 13 July 2016
Ein Fehler in der Druckerverwaltung von Windows ermöglicht es, Schadcode im Netzwerk zu verteilen und mit Systemberechtigung auszuführen. Diese und andere Lücken hat Microsoft heute gepatcht. Microsoft hat am Patchday eine Lücke im Druckermanagement von Windows gepatcht. Durch sie können Drucker in bestimmten Anwendungsszenarien Schadcode an Clients in einem Netzwerk ausliefern.
Influencers: Antihacking law obstructs security research
The Christian Science Monitor | 13 July 2016
"Many researchers fear that the onerous terms of service of internet sites may trigger the (1984 Computer Fraud and Abuse} Act through basic security research, or even by mistake," Vectra CSO Günter Ollmann tells Jack Detsch of the Christian Science Monitor.
Print servers menacing Windows PCs – yup, it's Patch Tuesday
The Register | 12 July 2016
A man-in-the-middle attacker on a network can execute code on a remote vulnerable machine, or elevate their privileges if already running code on a system. Essentially, a rogue printer server on a network can inject malware into connected PCs. All supported versions of Windows and Windows Server are vulnerable.
Microsoft's Patch Tuesday updates led by rare print spooler bug
SC Magazine | 12 July 2016
This bulletin contains CVE-2016-3238 and CVE-2016-3239, which if exploited could allow an attacker to execute a man-in-the-middle attack on a workstation or print server allowing remote code execution.
Every version of Windows hit by "critical" security flaw
ZDNet | 12 July 2016
Nicolas Beauchesne, a security researcher at Vectra Networks, who was credited with finding the flaw, explains in a blog post how the flaw works.
Critical security update issued for Windows Print Spooler on Windows Vista and later
WinBeta | 12 July 2016
Every now and then we like to make our audience aware of important security updates to Windows machines, and today Microsoft issued a critical security bulletin about just such a thing.
Windows Print Spooler flaws lead to code execution
Threatpost | 12 July 2016
“The problem is that driver doesn’t need to be a driver,” Ollmann said. “It could be any executable code. The vulnerability allows any attacker to use a printer which has installed a fake driver, or malicious executable, to be automatically installed and execute on any Windows system on that network that is looking for printer or wants to print.”
Microsoft patches 'critical' security flaw
The Hill | 12 July 2016
Microsoft says it patched a "critical" security flaw that affected all versions of its Windows software dating back years. The flaw was in all Windows versions since Windows Vista. Microsoft and Vectra acknowledged the flaw on Tuesday. The vulnerability is patched in the latest batch of updates, which were released the same day.
Vulnerability exploitable via printer protocols affects all Windows versions
Softpedia | 12 July 2016
By this point in time, CVE-2016-3238 is by far the vulnerability of the year, being easy to execute, providing different methods of launching attacks, and affecting a humongous number of users.