A 20-year-old Windows security weak spot has just been patched

Whenever software is updated, security experts are usually pretty quick to spot flaws that could lead to malware infections, aided by various bug bounties and the like. However, some potential flaws slip through the net for days, weeks, months, years and – very rarely – decades. Vectra Networks has found one such flaw that dates back around 20 years.

The problem originates in Windows Print Spooler – part of the operating system’s software that (as the name suggests) deals with the printing process. The problem is that the spooler doesn’t bother to verify whether a printer’s drivers are legitimate when a printer is plugged in, meaning that it’s possible for malicious types to slip their own nasty drivers onto the computer without raising any flags within Windows. Not only that, but it can infect any computers on the network and keep infecting machines as they discover the dodgy printer.

READ NEXT: Hospitals and national grid “will be hacked in 2016”20_year_windows_printer_security_flaw_patched

Microsoft has been very quick at getting a patch out of the door, so as long as you’re using Windows Vista or later, this old bug can finally be shut down. The only likely weak spot is Windows XP, which some 10% of computers are still using – and plenty of those in the public sector. Microsoft no longer supports Windows XP, meaning plenty of newly discovered threats go unpatched on the venerable old operating system.

As threats go, this one is pretty limited given it needs an attacker to actually attach a printer to the network, which is hard to do stealthily, but forearmed is forewarned.

Images: gosheshe and Kevin Cortopassi used under Creative Commons

Leave a Reply

Your email address will not be published. Required fields are marked *

Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.