![]() This really speaks to some of the challenges with the driver-based model. Although the V4 model was introduced in 2012, 9 years before this vulnerability in 2021, most printers still used V3 drivers. Users of V4 drivers did not experience this problem. Once a fix was in place, users of V3 drivers, often in larger environments, suddenly found themselves with Admin login prompts when trying to use their printers. Remote servers can install drivers without an admin prompt on the client assuming the appropriate configuration (registry setting) on the client. The attacker’s chosen file was then loaded as a DLL and executed in the highly privileged Spooler process, effectively granting the attacker SYSTEM privileges.įixing this vulnerability was complicated by the fact that such a feature exists by design called Point and Print which allows for frictionless driver installation by a print server to the client. This vulnerability was the result of an authorization bypass bug which allowed authenticated remote users to install print drivers using the RPC call RpcAddPrinterDriver and specify a driver file located in a remote location. Balancing security, convenience and backwards compatibility with older devices is challenging. This is like some other subsystems in Windows, but printing is a particularly challenging scenario because both we and customers want the process to be as frictionless as possible. The security model for print drivers relies on a shared responsibility approach where the Windows printing stack and third-party drivers must each play a role in providing functionality and enforcing security promises while avoiding introducing vulnerabilities. What we found is that Windows Protected Print Mode mitigated over half of those vulnerabilities.Īlthough we know some may find changing configurations inconvenient, we believe it is best for overall user security. To put these changes in some context, MORSE did an analysis of past MSRC cases for Windows Print to assess if these changes would help. WPP blocks all third-party drivers and implements a wide range of new security protections. Securing the print stack is challenging, in large part due to the use of third-party drivers. Print bugs played a role in Stuxnet and Print Nightmare, and account for 9% of all Windows cases reported to MSRC. The Spooler runs with high privileges and must load code from the network which is difficult to accomplish with low friction and high security. The Windows print system has been a key target for attackers. One of the largest motivations behind the change is security. This article will explain the case for adopting driverless printing, provide some insights on compatibility, and preview the security improvements provided by Windows Protected Print Mode. Moving away from drivers has allowed us to significantly improve the print stack. Recently, we announced our plan to end servicing for third-party drivers in Windows. We believe users should be Secure-by-Default which is why WPP will eventually be on by default in Windows. We are calling this new platform Windows Protected Print Mode (WPP). ![]() ![]() The goal was to build a more modern and secure print system that maximizes compatibility and puts users first. This new design represents one of the largest changes to the Windows Print stack in more than 20 years. Over the past year, the MORSE team has been working in collaboration with the Windows Print team to modernize the Windows Print System.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |