News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • CVE-2021-3438: 16 Years In Hiding – Millions of Printers Worldwide Vulnerable

    Home Forums AskWoody support Windows CVE-2021-3438: 16 Years In Hiding – Millions of Printers Worldwide Vulnerable

    Viewing 2 reply threads
    • Author
      Posts
      • #2379416
        Alex5723
        AskWoody Plus

        Executive Summary

        SentinelLabs has discovered a high severity flaw in HP, Samsung, and Xerox printer drivers.
        Since 2005 HP, Samsung, and Xerox have released millions of printers worldwide with the vulnerable driver.
        SentinelLabs’ findings were proactively reported to HP on Feb 18, 2021 and are tracked as CVE-2021-3438, marked with CVSS Score 8.8.
        HP released a security update on May 19th to its customers to address this vulnerability.

        Discovering an HP Printer Driver Vulnerability
        Several months ago, while configuring a brand new HP printer, our team came across an old printer driver from 2005 called SSPORT.SYS thanks to an alert by Process Hacker once again.

        This led to the discovery of a high severity vulnerability in HP, Xerox, and Samsung printer driver software that has remained undisclosed for 16 years. This vulnerability affects a very long list of over 380 different HP and Samsung printer models as well as at least a dozen different Xerox products….

        Mod edit: quote formatting

        2 users thanked author for this post.
      • #2379471
        Moonbear
        AskWoody Lounger

        Is there a link to the full list anywhere?

        I couldn’t find that patch from May when I searched for my Officejet model on the HP support site.

        Edit: Never mind, I misread the summary. No Officejet models are listed. (So far)

      • #2379512
        Alex5723
        AskWoody Plus

        I have SSPORT.SYS file on my system.
        Using Samsung AIO Laser printer CLX-3185FN.

    Viewing 2 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: CVE-2021-3438: 16 Years In Hiding – Millions of Printers Worldwide Vulnerable

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.