Dismiss this notice
Revo Uninstaller Pro 4 Father's Day 2021 Giveaway - https://www.geeks.fyi/showthread.php?tid=15283

Dismiss this notice
Bandicam Father's Day 2021 Giveaway - https://www.geeks.fyi/showthread.php?tid=15282

Dismiss this notice
AirVPN Father's Day 2021 Giveaway - https://www.geeks.fyi/showthread.php?tid=15281

Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines
#1
Information 
Quote:Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines.
 
If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights.
 
The bug (CVE-2021-3438) has lurked in systems for 16 years, researchers at SentinelOne said, but was only uncovered this year. It carries an 8.8 out of 10 rating on the CVSS scale, making it high-severity.
 
According to researchers, the vulnerability exists in a function inside the driver that accepts data sent from User Mode via Input/Output Control (IOCTL); it does so without validating the size parameter. As the name suggests, IOCTL is a system call for device-specific input/output operations.
 
“This function copies a string from the user input using ‘strncpy’ with a size parameter that is controlled by the user,” according to SentinelOne’s analysis, released on Tuesday. “Essentially, this allows attackers to overrun the buffer used by the driver.”
 
Thus, unprivileged users can elevate themselves into a SYSTEM account, allowing them to run code in kernel mode, since the vulnerable driver is locally available to anyone, according to the firm.

Read more: 16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines | Threatpost
[-] The following 1 user Likes silversurfer's post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Recent Posts
YouTube Premium Lite disables ads on You...
YouTube Premium...harlan4096 — 06:53
Which web browser is the most efficient ...
All desktop web...harlan4096 — 06:51
The ransomware recovery process takes lo...
Ransomware reco...harlan4096 — 06:33
AV-Comparatives: Spotlight on Security: ...
Spotlight on Se...harlan4096 — 06:29
New in 2021.8: Improved threat remediati...
This month we c...harlan4096 — 06:25

[-]
Birthdays
Today's Birthdays
avatar (40)WilsonHep
avatar (39)pironfub
Upcoming Birthdays
avatar (37)schanumget
avatar (45)apertosibBip
avatar (39)MatthewTop
avatar (43)RussellRuigh
avatar (50)isyqop
avatar (40)AntoineLer
avatar (34)prefenouff
avatar (35)emogig
avatar (43)riafootgtap
avatar (34)fixlnub
avatar (41)greencek
avatar (42)floraJoumn
avatar (37)Isabelle88Nes
avatar (37)ferpuMip
avatar (34)kinotExaro
avatar (46)HerbertPab
avatar (43)Susanskymn
avatar (37)stepaRurry
avatar (33)torieyang
avatar (34)trafgawark
avatar (42)MichaelPlaup
avatar (35)hattiepn1
avatar (35)JasonSoult
avatar (32)hyxamuc

[-]
Online Staff
There are no staff members currently online.

>