Microsoft's Web Point-and-Print Protocol bug puts Windows devices at risk of malware

By Wong Chung Wee - on 15 Jul 2016, 5:07pm

(Image source: Vectra Networks)

A vulnerability in Microsoft's Web Point-and-Print Protocol could put machines running all versions of the Windows operating system at risk of malware infection. According to Microsoft, this HTTP-based protocol lets users download driver software from a server in a client network or from a web site. For the sake of convenience, the implementation of this protocol isn't as stringent as a normal driver installation, where User Account Control warnings alert the user about the installation of a new driver. The Web Point-and-Print Protocol is therefore able to circumvent User Account Control restrictions, providing a mechanism that enables executables to be downloaded and run at system level on the user's Windows client machine.

Researchers at Vectra Networks, a network security company, have successfully created an exploit that consists of a DLL file with an injected payload. Using the Point-and-Print protocol as the delivery mechanism, they were able to infect a Windows machine. By using the Internet Printing Protocol (IPP) and webPointnPrint, they were able to extend the infection beyond their test intranet to the Internet. The Vectra Networks researchers have tested this exploit on print servers running a myriad of Windows operating systems as well as Ubuntu.

According to Vectra Networks, they have been working with Microsoft since April this year, and the Redmond software giant has already issued a patch for this vulnerability. However, as reported by Ars Technica, the official Microsoft patch doesn't close the "code-execution vulnerability" for all supported Windows versions; instead, a warning is added as part of the update. The apparent reason why Microsoft isn't overly anxious about this vulnerability is that the exploit won't work in a typical enterprise network that's running the Microsoft Active Directory service. So only home and small-office networks, especially network environments where users can bring their own devices and connect to the network services, are potentially at risk. For more information on the exploit, see Vectra's blog entry.

(Source: Vectra Networks, Microsoft via Ars Technica)
