How to secure vulnerable printers on a Windows network

Source
Advertisement


At the recent Black Hat conference, Peleg Hadar and Tumar Bar of SafeBreach Labs pointed out that the way to a network’s heart is often through its printers. In 2010, one of the vulnerabilities Stuxnet used was a remote code execution on a computer with printer sharing enabled. To reach Iran’s centrifuges, Stuxnet exploited a vulnerability in the Windows Print Spooler service to gain code execution as NT AUTHORITY\SYSTEM.

The method Stuxnet used to propagate across the network is still possible. In fact, Hadar and Bar announced that the security updates that Microsoft released in August includes a fix for a printer vulnerability that they discovered.

Advertisement