Latest in Gear

Image credit: Joseph Branston/Official Windows Magazine via Getty Images

Ancient Windows printer flaw exposes you to malware

Thankfully, there's already a fix.
1013 Shares
Share
Tweet
Share

Sponsored Links

Joseph Branston/Official Windows Magazine via Getty Images

Security holes don't always originate in relatively recent bugs... sometimes, they can stem from code written in an entirely different era. Researchers at Vectra Networks have discovered a roughly 20-year-old flaw in Windows Print Spooler (which oversees the printing process) that lets attackers slip malware on to a PC. As the spooler doesn't verify that a printer's drivers are legitimate when you plug the hardware in, it's possible for attackers to install maliciously-coded drivers thorough either the internet or the printer itself. The exploit can not only infect numerous computers if it's shared on a network, but keep infecting as computers discover the peripheral.

Microsoft already has a patch ready, so you're safe if you're using Windows Vista or later. However, the exploit also works on Windows XP and earlier, which Microsoft stopped supporting (outside of special contracts) years ago. That theoretically leaves millions of old PCs permanently vulnerable to this attack. The main saving grace: the attacker needs to attach the device to your PC or the local network. As such, the threat is mainly limited to public hotspots, loosely guarded office networks and other situations where someone could theoretically attach a rogue printer without drawing your attention.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1013 Shares
Share
Tweet
Share

Popular on Engadget

Citroën's new EV is a tiny two-seater that only costs $22 a month

Citroën's new EV is a tiny two-seater that only costs $22 a month

View
Clearview AI leak names businesses using its facial recognition database

Clearview AI leak names businesses using its facial recognition database

View
Apple's keyboard cover for the next iPad Pro could add a trackpad

Apple's keyboard cover for the next iPad Pro could add a trackpad

View
Facebook sues analytics firm that stole user data through third-party apps

Facebook sues analytics firm that stole user data through third-party apps

View
Bose Frames work with Microsoft's navigation tech for the blind

Bose Frames work with Microsoft's navigation tech for the blind

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr