Slashdot: Hardware's Journal
 

Thursday, July 22nd, 2021

    Time Event
    3:30a
    16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines
    An anonymous reader quotes a report from Threatpost: Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines. If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights. The bug (CVE-2021-3438) has lurked in systems for 16 years, researchers at SentinelOne said, but was only uncovered this year. It carries an 8.8 out of 10 rating on the CVSS scale, making it high-severity. According to researchers, the vulnerability exists in a function inside the driver that accepts data sent from User Mode via Input/Output Control (IOCTL); it does so without validating the size parameter. As the name suggests, IOCTL is a system call for device-specific input/output operations. "This function copies a string from the user input using 'strncpy' with a size parameter that is controlled by the user," according to SentinelOne's analysis, released on Tuesday. "Essentially, this allows attackers to overrun the buffer used by the driver." Thus, unprivileged users can elevate themselves into a SYSTEM account, allowing them to run code in kernel mode, since the vulnerable driver is locally available to anyone, according to the firm. The printer-based attack vector is perfect for cybercriminals, according to SentinelOne, since printer drivers are essentially ubiquitous on Windows machines and are automatically loaded on every startup. "Thus, in effect, this driver gets installed and loaded without even asking or notifying the user," explained the researchers. "Whether you are configuring the printer to work wirelessly or via a USB cable, this driver gets loaded. In addition, it will be loaded by Windows on every boot. This makes the driver a perfect candidate to target since it will always be loaded on the machine even if there is no printer connected." Affected models and associated patches can be found here and here. "While HP is releasing a patch (a fixed driver), it should be noted that the certificate has not yet been revoked at the time of writing," according to SentinelOne. "This is not considered best practice since the vulnerable driver can still be used in bring-your-own-vulnerable-driver (BYOVD) attacks." Some Windows machines may already have the vulnerable driver without even running a dedicated installation file, since it comes with Microsoft Windows via Windows Update.

    Read more of this story at Slashdot.
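
The bug class described in the quoted analysis (a `strncpy` whose bound is supplied by the caller) next to the same copy with the length validated against the destination, as an added user-mode illustration. This is not the HP driver's code; the struct layout, the 32-byte buffer and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DRV_BUF_SIZE 32          /* constructed size of the driver-side buffer */

/* Hypothetical request: the caller supplies both the bytes and the length. */
struct ioctl_request {
    const char *data;            /* caller-controlled bytes */
    size_t      size;            /* caller-controlled length, untrusted */
};

struct drv_state {
    char name[DRV_BUF_SIZE];
};

/* Vulnerable pattern: the strncpy bound comes from the caller, so it says
 * nothing about the capacity of the destination. Any size above
 * DRV_BUF_SIZE writes past the end of st->name. */
int handle_unchecked(struct drv_state *st, const struct ioctl_request *rq)
{
    strncpy(st->name, rq->data, rq->size);
    return 0;
}

/* Hardened pattern: reject the request unless the claimed length fits the
 * destination with room for a terminator, then copy and terminate. */
int handle_checked(struct drv_state *st, const struct ioctl_request *rq)
{
    if (rq->data == NULL || rq->size >= sizeof st->name)
        return -1;               /* nothing is copied on rejection */
    strncpy(st->name, rq->data, rq->size);
    st->name[rq->size] = '\0';
    return 0;
}

int main(void)
{
    struct drv_state st = { {0} };
    char big[64];                /* constructed oversized input */
    memset(big, 'A', sizeof big);

    struct ioctl_request over = { big, sizeof big };
    struct ioctl_request ok   = { "LaserJet", 8 };

    printf("oversized request -> %d\n", handle_checked(&st, &over));
    printf("valid request     -> %d (%s)\n", handle_checked(&st, &ok), st.name);
    return 0;
}
```

The only difference between the two handlers is the comparison against `sizeof st->name`; a bounded copy function gives no protection when the bound itself is untrusted.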

    10:40p
    Leaked Intel i9-12900K Benchmark Shows Gains Over the Ryzen 5950X
    UnknowingFool writes: An engineering sample of Intel's next flagship processor, the i9-12900K, was shown to beat AMD's current flagship 5950X in Cinebench R20 by 18% in multi-core and 28% in single-core tests. The next generation of Intel processors is believed to use a hybrid big.LITTLE design where 8 of its 16 cores are for low power usage and 8 are for full power. The low-power cores only run a single thread, whereas the high-power cores can run 2 threads. There is no official word on pricing or release date from Intel, but engineering samples and B600 motherboards are being sold in China for $1,250 and $1,150, respectively. According to leaker OneRaichu, the results for the 12900K were gathered using water-cooling and without overclocking, so it's possible the final score could be even higher. The rumors suggest the processor will come with 16 cores and 24 threads with a boost clock speed of up to 5.3GHz.

    Read more of this story at Slashdot.
