A security bug that has spent the past 16 years hiding in Xerox printers has finally made its presence known.
According to a report from SentinelLabs, the bug, identified as CVE-2021-3438, has been an unnoticed digital tenant in the drivers of a dozen Xerox printer models since 2005 and was first identified only in February.
The bug has also been detected in HP and Samsung printers. The buggy driver is automatically installed with the printer software and gets reloaded by Windows with each system reboot.
“Successfully exploiting a driver vulnerability might allow attackers to potentially install programs, view, change, encrypt or delete data or create new accounts with full user rights,” said SentinelLabs.
The company noted that while there have been no reports that “this vulnerability has been exploited in the wild up till now, with hundreds of millions of enterprises and users currently vulnerable, it is inevitable that attackers will seek out those that do not take the appropriate action.”
Norwalk-headquartered Xerox issued a bulletin with links to downloadable security patches to stamp out this bug.