Welcome to our portal! Hope you will enjoy your time with us.

20-Year-Old Vulnerability Sneaks Malware Into Windows PCs, Patch Released

641 Views 0 Comment
Spread the love
There is a 20-year old vulnerability existing in Windows, that can potentially affect millions of PCs across the world, right from Windows 95 to the latest version. Even though Microsoft has issued a patch for Windows Vista and subsequent versions of Windows, the older versions are still open to the vulnerability.

The vulnerability is present in the Windows Print Spooler process, which is the service that allows machines to interact with printers connected to a network. By exploiting this vulnerability, hacker can gain elevated access to inject malicious code at the system level, over LAN or through the internet.

The Windows Print Spooler is the service that automatically downloads the necessary drivers when connecting a PC to any available network-hosted printer. The drivers are downloaded automatically, to prevent the manual hassle. However, there is no way to authenticate the drivers, thus making it possible for hackers to package malware through the automatic driver download.

Once malicious drivers are installed, the entire network could be affected. Multiple computers in the network will be infected, not once, but over and over again. Also, finding the source of the malware is difficult, as the printer itself is not the culprit. We assume The printer is assumed to store the driver safely, but they are not as secure as one would hope to be.

The malware, once it got system-level access, can spread from one machine to the entire network, turning any printer, printer server or any network connected printer into an ‘internal drive-by exploit kit’.

The vulnerability was discovered by researchers from Vectra Networks. They claim it dates back to as far as Windows 95. Microsoft themselves rated the vulnerability as critical for all versions of Windows.

However, the security patch released by Microsoft, does not close the security hole. Rather, it just adds a warning prompt when a new printer is installed over a network.

The security patch also doesn’t work for versions older than Windows Vista. PCs running Windows XP or earlier, are thus, still vulnerable.

Also Read: New Android Malware ‘Hummingbad’ Supposedly Affecting Millions Of Devices


Leave a Comment