Industry pros consider widespread effects of Windows printer flaw

Industry sources prepare for the security implications of a serious flaw affecting the Microsoft Web Point-and-Print Protocol (MS-WPRN), a software component used in the Windows Print Spooler by computers when connecting to a network printer.

The 20-year-old flaw, discovered by researchers at Vectra Networks, allows any printer – or any device that mimics a printer – to install malware on computers through a local area network. The print spooler does not authenticate printer drivers, allowing attackers to infect multiple computers on the network and then to continue to infect additional devices on the network as they discover the driver.

Industry pros said the potential for exploitation of the vulnerability creates terrifying scenarios of breached corporate networks. The flaw, which was patched on Tuesday, brings to mind mega-breaches of recent years, said Sam McLane, Arctic Wolf's head of security operations. “It's just a matter of time before we see this vulnerability exploited and read about another breach that is on the scale of the Target or Sony incidents,” he said.

The situation creates the perfect storm because an extremely serious flaw occurs alongside the logistically complex task of patching “thousands or hundreds of thousands of these devices” at some organizations, Travis Smith, senior security research engineer at Tripwire, told SCMagazine.com. Deployment of patches is never a simple matter, because “the risk of breaking business operations often outweighs the cost of the vulnerability,” so companies must carefully vet whether the patch will affect other aspects of the company.

However, he warned companies, “If you don't patch it, nearly every single Windows machine in your network will be vulnerable to an attacker who has obtained system level credentials.”

Potential for the exploitation of the bug “brings us back to the risks of man-in-the-middle and supply chain attacks,” Carbon Black Chief Security Strategist Ben Johnson wrote in an email to SCMagazine.com. “You can wheel in an infected printer and compromise the whole office — a powerful option for targeted attacks.”

The flaw creates “a perfect back door for hackers to infiltrate a large company through an SME supplier,” added McLane.
