Unsolved
10 Elder
•
45.2K Posts
0
1103
July 22nd, 2021 11:00
Serious printer security flaw may affect millions...
- SentinelLabs has discovered a high severity flaw in HP, Samsung, and Xerox printer drivers.
- Since 2005 HP, Samsung, and Xerox have released millions of printers worldwide with the vulnerable driver.
- SentinelLabs’ findings were reported to HP on Feb 18, 2021 and are tracked as CVE-2021-3438, marked with CVSS Score 8.8.
- HP released a security update on May 19th to its customers to address this vulnerability.
- NOTE: All of the affected models are manufactured by HP, regardless of the name on the printer.
So if you think your printer may be affected, go to the HP site and put in the make and model number, even if it's not known as an "HP" printer.
FWIW, my Samsung ProXpress M3320 laser printer is on the list and has a software update available. I had no idea it was made by HP...!
No Events found!
speedstep
9 Legend
•
47K Posts
0
July 22nd, 2021 12:00
@RoHe
Easier Way would be to check for SSPORT.SYS file on your drive.
Very unlikely a 32 bit 15 year old driver exists on your drive from 2006. The list of affected products is not large.
Open Admin command prompt
Go to C:\
Attrib ssport*.* -r -a -s -h /s
Dir SSPORT*.* /b /s
https://nvd.nist.gov/vuln/detail/CVE-2021-3438
Product Name
Model
HP Color Laser 150 Series
4ZB94A, 4ZB95A
HP Color Laser MFP 170 Series - 178/179
4ZB96A, 4ZB97A, 6HU08A, 6HU09A
HP Laser 100 Series - 103/107/108
4ZB81A, 5UE14A, 209U7A, 4ZB79A, 4ZB80A
HP Laser 408 Printer Series
7UQ75A
HP Laser MFP 130 Series - 131/133/135/137/138
4ZB92A, 4ZB93A, 4ZB82A, 6HU10A, 5UE15A, 4ZB83A, 6HU11A, 4ZB85A, 4ZB87A, 4ZB86A, 9VV52A, 4ZB84A, 6HU12A, 4ZB91A, 4ZB88A, 4ZB89A, 4ZB90A
HP Laser MFP 432 Series
7UQ76A
HP LaserJet MFP M4252x Series
7AB26A, 7ZB25A, 7ZB72A
HP LaserJet MFP M4262x Series
8AF49A, 8AF50A, 8AF51A, 8AF52A
HP LaserJet MFP M433 Printer Series
1VR14A
HP LaserJet MFP M436 Printer Series
2KY38A, W7U01A, W7U02A
HP LaserJet MFP M437 Series
7ZB20A, 7ZB19A, 7ZB21A
HP LaserJet MFP M438 Series
8AF43A, 8AF44A, 8AF45A
HP LaserJet MFP M439 Series
7ZB22A, 7ZB23A, 7ZB24A
HP LaserJet MFP M440 Series
8AF46A, 8AF47A, 8AF48A
HP LaserJet MFP M442 Series
8AF71A
HP LaserJet MFP M443 Series
8AF72A
HP LaserJet MFP M72625-M72630 Series
2ZN49A, 2ZN50A
Samsung ML-651x Laser Printer Series
SS153A, SV899C, SV900A, SV901A, SS154A
Samsung MultiXpress CLX-9251 Laser Multifunction Printer series
SS005A, SV719A
Samsung MultiXpress CLX-9301 Laser Multifunction Printer Series
SW179A, SS007A, SW152A
Samsung Xpress SL-M3015 Laser Printer Series
SS360A
RoHe
10 Elder
•
45.2K Posts
0
July 22nd, 2021 12:00
That list of printers isn't complete. My Samsung printer isn't on it but it has a software update available today at the HP website.
I have SSPORT.SYS on my XPS 8930, running Win 10 Pro, 64-bit, v21H1, that's dated 4-1-2021. It was probably installed via Windows Update which lists a Samsung driver update on 5-3-2021, in the WU history.
The update I downloaded is a tiny .exe file (185 KB) and installed instantaneously.
speedstep
9 Legend
•
47K Posts
0
July 24th, 2021 20:00
I had did a system wide audit 23,586 dell systems for the existance of the file as well as the existance of specific models. NONE of my systems for the past 16 years have this issue. So again Its not a large amount being millions of machines and its not a lot of users. This is a marketing ploy by HP and Samsung to harvest email's and other system information so they can cold call you and spam your inbox.
Thats why looking for the affected file is a better way to go. If you do not have it there is no reason to offer your private information to HP or Samsung or anyone else.
I also remotely checked clients in several states and none of them had this as well.
RoHe
10 Elder
•
45.2K Posts
0
July 25th, 2021 10:00
I didn't have to enter any personal info at the HP site. All I had to do was enter the printer make and model number (not serial number) to see if it was on the list.
Don't own any HP printers or other HP devices, and I've never registered with them. So I haven't given them any of my info. And I didn't register an account with Samsung when I got this printer several years ago...
RoHe
10 Elder
•
45.2K Posts
0
August 12th, 2021 17:00
Microsoft has finally fixed this print spooler “PrintNightmare" vulnerability as part of this week's Windows Update KB5005033 for Win 10 21H1, which fixes a total of 51 vulnerabilities.