You could be forgiven for thinking that viruses are recent phenomena and the only reason why hackers are doing so much damage is because there are simply too many people on the internet who don’t want to lag behind with ‘internet of things” right around the corner.
Whether it is through their mobile phone or their work computer, the fact is that more and more people are connecting to the internet every single day.
An increase in the number of people who use the internet also means an increase in the number of people who can be scammed, defrauded or robbed on the internet. But this recent news about Windows printer bug seems to suggest otherwise.
Windows Printer Bug
You might think that security holes in devices that are connected to any given network might originate because of recently developed bugs. Developers in the modern world are under tight schedules and are expected to deliver big in relatively short amount of time.
The results are that software engineers take shortcuts and sometimes use code that isn’t sustainable or safe (or secured) to begin with.
But contrary to that logic, this Windows printer bug was coded in a completely different era.
Windows Print Spooler
Engineers at Vectra Networks have recently discovered an opening in Windows Print Spooler that is about 20 years old now.
For those not familiar with the term, the Windows Print Spooler is a service that basically handles the printing process.
Windows Print Spooler used to be quite a versatile service in the beginning of the computer age but nowadays its main purpose is to help in printing documents.
Documents are first formatted for printing and then they are put in a queue at the speed of the computer in question.
But these same documents are retrieved and printed at the speed of the printer, not the computer. Processes can work on documents and put them in the spool without having to wait for long.
Then the computer can work on other tasks while the spooler process handles all the printing tasks.
The problem with this is, of course, if an attacker accesses the Windows Print Spooler then the hacker can easily attack a target computer by slipping malware to the print spooler.
The Windows Print Spooler by default is not able to verify if the printer has been infected or not.
The printer could well be running drivers that are not safe (that is, a hacker put them in the printer so that when a computer asks for printing it can slip the malware to the computer that asks for a print during data exchange).
What does that mean as far as you are concerned?
It means that when you connect a printer to your PC, it is extremely simple for a hacker to transfer some form of malware onto your computer by infecting the printer first and then your computer.
And since your computer isn’t configured to check for malicious content when it receives a print command, your anti-virus software becomes pretty useless.
The hacker would install drivers either through the internet (if you aren’t in a physically connected office) or use the printer itself. In both cases, your PC is at risk.
If your PC is connected to a network, for example, if you work in an office and there is a printer present somewhere inside your office.
All of your colleagues, including you, use that printer whenever you want to print something of importance.
Then all a hacker has to do is infect the printer (either through the internet or may be, in some cases, by physically inserting custom made drivers to the printer itself through a USB stick) and every time a person wants to print something and gives the command to the common printer, the printer would be able to transfer those malicious drivers to those computers.
It would not take long for a hacker to infect an entire network of computers without having to move a muscle because one time or another, eventually every computer would need to print out something and that would the perfect chance for the virus to use this flaw in Windows Print Spooler code and corrupt a network of computers (say, your whole organization.).
But here is the fun part. If the hacker is committed enough, he doesn’t even need a physical printer to contaminate a given PC.
The hacker can (and in the hacker world that usually means, the hacker will) advertise a false printer peripheral on the network (how many of us actually check if a printer is actually present somewhere and don’t just click on the printer whose name we are familiar with?) and follow the same process as described before to get the same result. Corruption of the whole system.
This exploit can not only give the hacker user level access to your computer but can also give system level access which could grant the hacker powerful grip over your computer.
The good news is that Microsoft has picked up the news and has already prepared a patch to fix the exploit.
That means that as far as computer users are concerned, anyone who is running Windows Vista or later version of Windows is safe.
Considering how Microsoft cajoled everyone into upgrading to Windows 10, that could mean a lot of people don’t even need to worry about this hack because their Windows version would have received the Windows update by now.
But, if you’re running Windows XP (or an earlier version of Windows because your boss won’t spend the money to buy the later versions of Windows) then it’s probably the right time to call in technical support.
Microsoft stopped supporting older versions of Windows quite a while back so whatever happens, it’s going to be some time before your network of computers can be labeled “virus-free.”
You probably won’t be the only one, if that is any consolation.
There are literally millions of old computers that are still running older version of Windows such as Windows XP and hence are permanently vulnerable to this virus.
So why hasn’t each and every one of your office computer crashed yet?
Well, it turns out the hacker needs to bind the device either to your PC or the local network you might be a part of.
In simpler terms, this virus is a threat only to those computers that are grossly old and are part of a public hotspot.
Potential risky sites also include office networks which don’t have tightly guarded network security and circumstances where someone actually could attach a printer to your device while you are preoccupied with the release date of House of Cards season 5.