Printer Sårbarhed Da Windows 95 Put Hele Enterprises at Risk

Printer Sårbarhed Da Windows 95 Put Hele Enterprises at Risk

1 Star2 Stars3 Stars4 Stars5 Stars (Ingen stemmer endnu)
Loading ...


Printer Vulnerability – How Using a Printer Can Attract Threats

Every home office or business uses printers in their daily work – if we are printing out an essay at home, or we are printing out a contract in the office. Normalt, our printer is connected to other devices – PCs, laptops, and other electronics, creating a network of sharing and exchanging information constantly. If some malware gains access to one device, it can spread throughout all devices connected to the entire network.

There is a known vulnerability that has existed in the Windows printers for some time (siden Windows 95), resolving which has been unsuccessful so far: when connecting to a printer, the user has to install the needed drivers to operate with it; most of the times malicious software gains access to the network through these drivers, which are often freely and randomly downloaded without security checks or at least none that can detect if the downloaded driver is infected.

Relaterede: Windows User Security Bibel

This way an attacker could easily gain access and compromise a printer, which is a device that doesn’t have such high level security protection, and through it to gain access to the entire network and commit cyber-crimes. In some cases the attacker doesn’t even need to infect an actual printer; they can use a network-equipped device that can pretend it is a printer, dvs.. den bærbare computer. I andre tilfælde, the attacker can just wait for a legitimate driver request to a legitimate network printer, and respond with malware disguised as drivers.

What Is the Solution to the Printer Vulnerability?

Vectra Network, a security firm which investigated this problem alongside Microsoft, explained that the vulnerability comes from the way the users connect to the printers; in big modern organizations often are available different makes and models of printers and users have the option to choose to which printer to connect, which results in installing different drivers to be able to operate with the different devices. I de fleste tilfælde, companies use the Microsoft Web Point-and-Print (MS-WPRN) tilgang, which allows these users to connect to any printer on the network, without receiving any warning about the installed drivers, to get the procedure as fast and as convenient as possible.

Relaterede: kritisk Windows 10 Sårbarhed

A recent upgrade has found a kind of solution to the problem – not exactly fixing it, but executing checks and providing warnings to the user when downloading these drivers. The most recent patch cycle of Microsoft will now warn users if they are installing “untrusted” printer drivers, aiming to avoid this installation. På denne måde, users will restrict the access of the attackers to their network. This will also prevent attacks which come not from a specific attacker, but from the Internetcompromised websites or ads can try to connect to the printers in the network, being the most vulnerable devices, and spread malware, if not noticed. These warnings will trigger a new way of dealing with malware threats to the printers, as well as to products like Edge, Internet Explorer and Adobe Flash.


Milena Dimitrova

En inspireret forfatter og indhold leder, der har været med SensorsTechForum for 4 år. Nyder ’Mr. Robot’og frygt’1984’. Fokuseret på brugernes privatliv og malware udvikling, hun tror stærkt på en verden, hvor cybersikkerhed spiller en central rolle. Hvis almindelig sund fornuft giver ingen mening, hun vil være der til at tage noter. Disse noter senere kan blive til artikler!

Flere indlæg

Efterlad en kommentar

Din e-mail-adresse vil ikke blive offentliggjort. Krævede felter er markeret *

Frist er opbrugt. Venligst genindlæse CAPTCHA.

Del på Facebook Del
Loading ...
Del på Twitter Tweet
Loading ...
Del på Google Plus Del
Loading ...
Del på Linkedin Del
Loading ...
Del på Digg Del
Del på Reddit Del
Loading ...
Del på Stumbleupon Del
Loading ...