Jul 15, 2016 06:31 AM EDT
Microsoft Security Patches: Redmond-Based Tech Giant Finally Rolls Out A Patch To Fix A 20-Year-Old Security Flaw; But Is It Really Effective?
Microsoft recently released its monthly security patch, and one of the fixes that rolled out along with it targeted a 20-year-old security bug.
The flaw enabled malicious users to covertly install malware of their choosing on computers that connect to fake printers, or to devices that pose as printers.
Vectra Networks' security experts found that the issue resides in the Windows Print Spooler, the Windows component that connects to available printers.
The problem is that the Print Spooler does not properly authenticate print drivers when users install them from remote locations. This permits attackers to use several methods to deliver maliciously modified drivers in place of the original printer driver.
Using this loophole, a printer, a print server or any other network-connected device can pose as a printer and then infect other machines immediately after they connect to the network.
What's even worse is that the infected device could repeatedly reinfect every machine connected to your network, Nick Beauchesne, a researcher with Vectra, said, explaining the risk in a post on the Vectra Networks blog.
The fact that few computer users see printers as a security threat makes it even harder to identify them as the origin of the problem. It's no secret that a printer is not an especially safe device for users to connect their computers to, and making the printer responsible for holding the driver safely exposes users to risks they are not even aware of.
According to HD Moore, a security expert at Special Circumstances, hackers could connect either a laptop or a mobile device that falsely identifies itself as a network printer. When people using that network connect to it, the device delivers a malicious driver.
Alternatively, attackers can tamper with a printer's firmware and program the printer to send out a driver rigged to the attacker's liking. Although the approach seems a little complicated, it was successfully tested by researchers at Vectra, TechTimes reported.
Another flaw, in the point-and-print protocol, permitted untrusted users on a network to elevate their account privileges from guest to system administrator.
Along with the recently rolled out patch, Microsoft issued an advisory that designates the code execution vulnerability as risky on all versions of Windows. In fact, Vectra noted that the security flaw can be traced back as far as Windows 95.
It is worth noting that the fix from Microsoft does not actually block the code execution; it simply displays a warning to the end user.
Considering how most users respond to warnings, do you think this is an effective approach to solving a problem that has troubled Windows users for twenty years?