Microsoft Patch Tuesday Saves Users from Rogue Printers
The second Tuesday of the month has come and gone, and you know what that means: Patch Tuesday has filled Windows PCs with fixes for all sorts of problems, both great and small. While the majority of fixes this month are pretty run-of-the-mill items, one does stand out above the rest: a patch for two vulnerabilities that could have allowed cybercriminals to attack you through your printer.
The old-fashioned way to take care of rogue printers. Credit: 20th Century Fox
Microsoft released a full list of Patch Tuesday fixes, and while it hasn’t explained exactly how the flaws work (it would be dangerous to do so before users update their systems), the printer patch is something well outside the norm.
The closely related flaws, solved by patch MS16-087, are in the Windows print spooler software and could allow remote code execution and elevation of privilege — in plain English, attacks over a network that escalate to full system control. As such, the patch was deemed Critical by Microsoft. All currently supported versions of Windows — Vista, Server 2008, 7, Server 2008 R2, 8.1, Server 2012, Server 2012 R2, RT and 10 — could fall victim to exploits of the flaws.
Imagine this hypothetical scenario: You work in an office with a printer connected to the network. Information gets sent between computers and the printer through the network server. An attacker gets into the network and adds a malicious print order to a networked printer, which would probably have far weaker security than any computer on the same network.
Microsoft did not reveal exactly how the next step would work, but suggested that an attacker could execute a man-in-the-middle attack to intercept information traveling along the network. From there, he or she could hijack a system and do anything, from install malicious software to steal information.
The printer issue sounds like it could only affect networked printers, not those that are attached to computers with a simple USB cable. Still, given the prevalence of Wi-Fi-networked printers, even in residential homes, it’s probably smart to update your PC as soon as possible. Most Windows machines update automatically, but if yours doesn't, just search for "Windows update" from the Start menu and follow the instructions.
There's no evidence that cybercriminals have exploited any of these vulnerabilities in the wild, so patch your computer as soon as you can, and you shouldn't have any problems. Unless you're a security researcher, of course, and can't wait to see firsthand how a printer could have been the biggest threat in a workstation.