HP printer driver bug/issue

  1. Bobby Phoenix's Avatar
    Posts : 569
    Windows 10 Pro 64-bit
       #1

    HP printer driver bug/issue


    I've seen a couple posts about this, and I have a question for those who really know. What are you suppose to do if you don't have a printer anymore, but Windows installed the one with the bug? Do you think Windows will send an update through Windows Update if it detects the bad driver? Screen clip, and quote, below for exact issue.

    16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines | Threatpost

    “Thus, in effect, this driver gets installed and loaded without even asking or notifying the user,” explained the researchers. “Whether you are configuring the printer to work wirelessly or via a USB cable, this driver gets loaded. In addition, it will be loaded by Windows on every boot. This makes the driver a perfect candidate to target since it will always be loaded on the machine even if there is no printer connected.”

    HP printer driver bug/issue-image.png
      My Computer

  2. steve108's Avatar
    Posts : 16,408
    19041.1348 - 2004/20H1 Pro x64
       #2

    Not sure if this answers your question, but I would uninstall drivers for printers I no longer have.
      My Computer

  3. Bobby Phoenix's Avatar
    Posts : 569
    Windows 10 Pro 64-bit
    Thread Starter
       #3

    steve108 said:
    Not sure if this answers your question, but I would uninstall drivers for printers I no longer have.
    I had an HP printer a couple of years ago, and since changed brands, but when I follow these steps, no HP shows. I only see my current printer. So if it's not listed I guess I don't have drivers for it anymore?
    HP printer driver bug/issue-image.png

    Also what about people who are just simple users, and will have no idea what to do? I know a couple that just let Windows do everything for them. This seems like a nightmare if a fix isn't pushed automatically since there will be a lot of people affected, and not even know since they don't even follow tech news for things like this.
      My Computer

  4. steve108's Avatar
    Posts : 16,408
    19041.1348 - 2004/20H1 Pro x64
       #4

    Bobby Phoenix said:
    I had an HP printer a couple of years ago, and since changed brands, but when I follow these steps, no HP shows. I only see my current printer. So if it's not listed I guess I don't have drivers for it anymore?
    HP printer driver bug/issue-image.png

    Also what about people who are just simple users, and will have no idea what to do? I know a couple that just let Windows do everything for them. This seems like a nightmare if a fix isn't pushed automatically since there will be a lot of people affected, and not even know since they don't even follow tech news for things like this.
    If you go to Windows Settings and search for printers, you should see all the installed printers. Remove the ones you no longer own. Check Device Manager -> Printers too.

    I don't know the answer to the question about what simple users should do. Hopefully their HP drivers would eventually get updates via WU, but I'm not sure.
      My Computer

  5. steve108's Avatar
    Posts : 16,408
    19041.1348 - 2004/20H1 Pro x64
       #5

    One more place to check: Control Panel - All Control Panel Items - Devices and Printers
      My Computer

  6. Berton's Avatar
    Posts : 11,984
    Win10 Pro Versions 2004 and 2009/20H2, Win10 Pro IP_Dev, Win10 Home 1909
       #6

    I used to have an HP OfficeJet Pro 8620 Networked printer that has been replaced by an HP OfficeJet Pro 9010 Series Networked printer, was getting updates offered on several computers for the 8620 which had been fully uninstalled, supposedly. I'd accept but the update always failed but no problem caused to the 9010. Digging deeply into the Registry revealed more that half a dozen entries for the 8620 which deleting of them cleared the problem on my main computer, will do the others as opportunity allows. In simple terms, Build updates and Version Upgrades do things to the Registry but sometimes don't reverse them and software installs don't always get everything, gives credence to doing a clean reinstall now and then.
      My Computers


  7. Bobby Phoenix's Avatar
    Posts : 569
    Windows 10 Pro 64-bit
    Thread Starter
       #7

    I was doing a little more searching on this threat, and came across one from BleepingComputer. "Successful exploitation requires local user access which means that threat actors will need to first get a foothold on the targeted devices." Does that mean someone has to have access to the computer first, and then they can install something bad? It seems bad, but not as critical as I'm making it out to be? I'm just trying to learn.

    Also Microsoft's page says driver updates can be done from Windows Update. My updates are set to automatic, so hopefully if it's needed it will come through there.

    HP printer driver bug/issue-image.png

    HP printer driver bug/issue-image.png
      My Computer

  8. Steve C's Avatar
    Posts : 6,985
    Windows 10 Pro 64 bit
       #8

    In addition to the above, you can use Autoruns to disable the driver or delete the driver.
      My Computers

  9. Paul Black's Avatar
    Posts : 15,134
    Win 10 Pro 64-bit v1909 - Build 18363 Custom ISO Install
       #9

    Hello @Bobby Phoenix,

    I would certainly Delete / Remove ALL the Printers that are NOT currently used.

    If you want to take back control of WUs etc downloading and installing Drivers, then you will want to have a look at these . . .

    > How to Enable or Disable Including Driver Updates in Windows Update in Windows 10
    > How to Turn On or Off Automatic Device Driver Installation in Windows 10
    > How to Prevent Windows Update from Updating Specific Device Driver in Windows 10

    I hope this helps.
      My Computer

  10. Bobby Phoenix's Avatar
    Posts : 569
    Windows 10 Pro 64-bit
    Thread Starter
       #10

    Thank you all for your input. I'm fine with my own computers. My main concern was with friends/family that would be affected, but aren't tech enough to even know a flaw exists let alone go looking for the driver in question. They rely on automatic updates to fix things. After even more searching it appears that this is not a flaw to be done by itself, as the researchers could not find a way to do it (not that it can't be done, but with needing access to the computer first, and then trying to chain flaws together, it seems less likely to be a quick drive-by as it's not a remote code execution as the attacker needs to already have access to the computer). I'm just sharing incase others go looking for info.

    from A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwideSecurity Affairs

    A lot of "coulds", "mights", and "potentials" involved. I think there are other flaws with much greater risk.

    An attacker with basic user privileges can elevate their privileges to SYSTEM and run code in kernel mode, in this way a malicious code could evade detection of security products.

    “Successfully exploiting a driver vulnerability might allow attackers to potentially install programs, view, change, encrypt or delete data, or create new accounts with full user rights. Weaponizing this vulnerability might require chaining other bugs as we didn’t find a way to weaponize it by itself given the time invested.” continues the analysis..

    At the time of the publishing of the report, the experts are not aware of attacks exploiting this vulnerability in the wild, but they expect that threat actors could leverage it in the future.
    Last edited by Bobby Phoenix; 27 Jul 2021 at 21:38.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 06:06.
Find Us




Windows 10 Forums