The vendor issued a patch to resolve the security flaw on May 19. SentinelLabs researcher Kasif Dekel reported the vulnerability to HP on February 18.
![hp drivers hp drivers](https://windows-cdn.softpedia.com/screenshots/HP-Drivers-Update-Utility_2.png)
However, SentinelLabs says that the time was not invested in finding a way to weaponize it alone, and a successful exploit may need a chain of vulnerabilities. Local attackers could escalate their privileges to a SYSTEM account and run code in kernel mode in order to perform actions including tampering with a target machine. The vulnerable function in the driver is the acceptance of data without size parameter validation, allowing attackers to overrun the driver's buffer theoretically. "This makes the driver a perfect candidate to target since it will always be loaded on the machine even if there is no printer connected," the researchers say. The driver is also loaded automatically by Microsoft's Windows operating system on PC boot. The driver in question, SSPORT.SYS, is automatically installed and activated, whether the model was wireless or cabled. The security issue is described as a "potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege."Īccording to the researchers, some HP, Xerox, and Samsung printer models contained vulnerable driver software, sold worldwide since 2005. On Tuesday, SentinelLabs published an analysis of the vulnerability, tracked as CVE-2021-3438 and issued a CVSS score of 8.8. How some developers are screwing up open-source software.Android app downloaded 100,000 times contains password-stealing malware.Corrupted open-source software enters the Russian battlefield.
#HP DRIVERS HOW TO#
Windows 11 security: How to protect your home and business PCs.Do these 8 things now to prepare for potential Russian cyberattacks.We review Apple's M1 Ultra-powered Mac StudioĬan digital dollars be as anonymous as cash?
![hp drivers hp drivers](https://i.ytimg.com/vi/fNBMQTJvqpg/mqdefault.jpg)
Using Russian tech? It's time to reconsider the risks. When the boss gets angry at employees' Teams habits