Sécurité – un bug vieux de 16 ans affecte des millions d’imprimantes
Un bon vieux bug de 16 ans en mode “sous-marin” aurait affecté des millions d’imprimantes HP, Samsung et Xerox.
Selon l’avis de vulnérabilité CVE-2021-3438 publié en mai dernier : « Un potentiel débordement du tampon dans les pilotes logiciels pour certains produits HP LaserJet et imprimantes de produits Samsung pourrait entraîner une escalade de privilèges »
C’est bien SentinelLabs qui aurait découvert cette faille de gravité élevée et signalés de manière proactive à HP ces résultats le 18 février 2021.
Le 19 Mai, HP aurait alors publié une mise à jour de sécurité à l’intention de ses clients afin de corriger cette vulnérabilité.
Mais quelles imprimantes sont affectées ?
Imprimantes affectées
Product Name |
Model |
Software Version |
---|---|---|
HP Color Laser 150 Series |
4ZB94A, 4ZB95A |
Printer_CVE-2021-3438_update.exe HP_Color_Laser_150_Full_Software_and_Drivers_1.16.exe HP_Color_Laser_150_Print_Drivers_1.16.exe HP_Color_Laser_150_Driver.exe |
HP Color Laser MFP 170 Series – 178/179 |
4ZB96A, 4ZB97A, 6HU08A, 6HU09A |
Printer_CVE-2021-3438_update.exe HP_Color_Laser_MFP_178_179_Full_Software_and_Drivers_1.15.exe HP_Color_Laser_MFP_178_179_Driver.exe HP_Color_Laser_MFP_178_179_Print_Scan_Drivers_1.15.exe |
HP Laser 100 Series – 103/107/108 |
4ZB81A, 5UE14A, 209U7A, 4ZB79A, 4ZB80A |
Printer_CVE-2021-3438_update.exe HP_Laser_103_107_108_Print_Driver_1.16.exe HP_Laser_103_107_108_Full_Software_and_Drivers_1.16.exe HP_Laser_103_107_108_Driver.exe |
HP Laser 408 Printer Series |
7UQ75A |
Printer_CVE-2021-3438_update.exe HP_Laser_408_Print_Driver_Add_Printer_1.06.exe HP_Laser_408_Print_Driver_1.06.exe |
HP Laser MFP 130 Series – 131/133/135/137/138 |
4ZB92A, 4ZB93A, 4ZB82A, 6HU10A, 5UE15A, 4ZB83A, 6HU11A, 4ZB85A, 4ZB87A, 4ZB86A, 9VV52A, 4ZB84A, 6HU12A, 4ZB91A, 4ZB88A, 4ZB89A, 4ZB90A |
Printer_CVE-2021-3438_update.exe HP_ Laser_MFP_131_133_135-138_Full_Software_and_Drivers_1.15.exe HP_ Laser_MFP_131_133_135-138_Print_Scan_Drivers_1.15.exe HP_ Laser_MFP_131_133_135-138_Driver.exe |
HP Laser MFP 432 Series |
7UQ76A |
Printer_CVE-2021-3438_update.exe HP_Laser_MFP_432_Print_Scan_Drivers_1.07.exe HP_Laser_MFP_432_Print_Driver_only_1.07.exe HP_Laser_MFP_432_Full_Software_and_Drivers_1.07.exe |
HP LaserJet MFP M4252x Series |
7AB26A, 7ZB25A, 7ZB72A |
Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M42523-M42625_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M42523-M42625_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M42523-M42625_Print_Driver_only_V1.04.exe |
HP LaserJet MFP M4262x Series |
8AF49A, 8AF50A, 8AF51A, 8AF52A |
Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M42523-M42625_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M42523-M42625_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M42523-M42625_Print_Driver_only_V1.04.exe |
HP LaserJet MFP M433 Printer Series |
1VR14A |
Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M433_Full_Software_and_Drivers_1.03.exe HP_LaserJet_MFP_M433_Print_Driver_only_1.03.exe HP_LaserJet_MFP_M433_Print_Scan_Drivers_1.03.exe |
HP LaserJet MFP M436 Printer Series |
2KY38A, W7U01A, W7U02A |
Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M436_Print_Scan_Drivers_1.13.exe HP_LaserJet_MFP_M436_Print_Driver_only_1.13.exe HP_LaserJet_MFP_M436_Full_Software_and_Drivers_1.13.exe |
HP LaserJet MFP M437 Series |
7ZB20A, 7ZB19A, 7ZB21A |
Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M437-M443_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Driver_only_V1.04.exe |
HP LaserJet MFP M438 Series |
8AF43A, 8AF44A, 8AF45A |
Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M437-M443_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Driver_only_V1.04.exe |
HP LaserJet MFP M439 Series |
7ZB22A, 7ZB23A, 7ZB24A |
Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M437-M443_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Driver_only_V1.04.exe |
HP LaserJet MFP M440 Series |
8AF46A, 8AF47A, 8AF48A |
Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M437-M443_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Driver_only_V1.04.exe |
HP LaserJet MFP M442 Series |
8AF71A |
Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M437-M443_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Driver_only_V1.04.exe |
HP LaserJet MFP M443 Series |
8AF72A |
Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M437-M443_Full_Software_and_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Scan_Drivers_V1.04.exe HP_LaserJet_MFP_M437-M443_Print_Driver_only_V1.04.exe |
HP LaserJet MFP M72625-M72630 Series |
2ZN49A, 2ZN50A |
Printer_CVE-2021-3438_update.exe HP_LaserJet_MFP_M72625_M72630_Full_Software_and_Drivers_1.05.exe HP_LaserJet_MFP_M72625_M72630_Print_only_1.05.exe HP_LaserJet_MFP_M72625_M72630_Print_Scan_Drivers_1.05.exe |
Samsung CLP-360 Color Laser Printer series |
SS062A |
Printer_CVE-2021-3438_update.exe |
Samsung CLP-365 Color Laser Printer Series |
SS066A, SW139A, SS067A |
Printer_CVE-2021-3438_update.exe |
Samsung CLP-366 Color Laser Printer series |
SS068A, SV600A |
Printer_CVE-2021-3438_update.exe |
Samsung CLP-368 Color Laser Printer series |
SV601A |
Printer_CVE-2021-3438_update.exe |
Samsung CLP-560 Color Laser Printer Series |
SV611A, SV612A |
Printer_CVE-2021-3438_update.exe |
Samsung CLP-680 Color Laser Printer Series |
SS075A, SS076A |
Printer_CVE-2021-3438_update.exe |
Samsung CLP-775 Color Laser Printer Series |
SS078A, SS079A |
Printer_CVE-2021-3438_update.exe |
Samsung CLX-3300 Color Laser Multifunction Printer series |
SS088A, SV677A |
Printer_CVE-2021-3438_update.exe |
Samsung CLX-3305 Color Laser Multifunction Printer Series |
SS093A, SS094A, SS095A, SS096A |
Printer_CVE-2021-3438_update.exe |
Samsung CLX-6260 Color Laser Multifunction Printer Series |
SS105A, SS106A, SS107A, SW177A, SS108A |
Printer_CVE-2021-3438_update.exe |
Samsung ML-3750 Laser Printer Series |
SS138A |
Printer_CVE-2021-3438_update.exe |
Samsung ML-4510 Laser Printer series |
SS141A |
Printer_CVE-2021-3438_update.exe |
Samsung ML-4512 Laser Printer series |
SS142A |
Printer_CVE-2021-3438_update.exe |
Samsung ML-5010 Laser Printer series |
SS145A |
Printer_CVE-2021-3438_update.exe |
Samsung ML-5012 Laser Printer series |
SS146A |
Printer_CVE-2021-3438_update.exe |
Samsung ML-5015 Laser Printer Series |
SS147A |
Printer_CVE-2021-3438_update.exe |
Samsung ML-5017 Laser Printer series |
SS148A |
Printer_CVE-2021-3438_update.exe |
Samsung ML-551x Laser Printer Series |
SS149A, SS150A,SV897A, SV898A, SS151A,SS152A |
Printer_CVE-2021-3438_update.exe |
Samsung ML-651x Laser Printer Series |
SS153A, SV899C, SV900A, SV901A, SS154A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress CLX-9251 Laser Multifunction Printer series |
SS005A, SV719A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress CLX-9301 Laser Multifunction Printer Series |
SW179A, SS007A, SW152A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SCX-8128 Laser Multifunction Printer Series |
SS018A, SS019A, SS020A, SW172A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SCX-8230 Laser Multifunction Printer series |
SS021A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SCX-8240 Laser Multifunction Printer Series |
SS022A, ST717A, SW185A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-K2200 Laser Multifunction Printer |
SS024A, SS025A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-K3250 Laser Multifunction Printer Series |
SS027E |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-K3300 Laser Multifunction Printer series |
SS028A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-K4250 Laser Multifunction Printer series |
SS030A, SS031A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-K4300 Laser Multifunction Printer series |
SS032A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-K4350 Laser Multifunction Printer Series |
SS033A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-K7400 Laser Multifunction Printer series |
SS037A, SS038A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-K7500 Laser Multifunction Printer series |
SS039A, SS040A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-K7600 Laser Multifunction Printer Series |
SS041A, SS042A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-M4370 Laser Multifunction Printer Series |
SS396A, SW117A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-M5360 Laser Multifunction Printer Series |
SS403A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-M5370 Laser Multifunction Printer Series |
SS404A, SW121A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-X3220NR Color Laser Multifunction Printer |
SS043E |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-X3280 Color Laser Multifunction Printer series |
SS044A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-X4220 Color Laser Multifunction Printer series |
SS047A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-X4250 Color Laser Multifunction Printer series |
SS048A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-X4300 Color Laser Multifunction Printer Series |
SS049A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-X7400 Color Laser Multifunction Printer series |
SS053A, SS054A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-X7500 Color Laser Multifunction Printer series |
SS055A, SS056A |
Printer_CVE-2021-3438_update.exe |
Samsung MultiXpress SL-X7600 Color Laser Multifunction Printer Series |
SS058A, SS059A |
Printer_CVE-2021-3438_update.exe |
Samsung Printer proXpress SL-C401x Series |
SS215A, SS216A, SS216B, SS216C, SS216D, SS216E, SS216F, SS216G, SS216H, SS216J, SS216K, SS216L, SS216M, SS216N, SS216P, SS216Q, SS216S, SS216,T, SS216U, SS216V, SS216Z |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress Samsung ProXpress SL-M3870 Laser Multifunction Printer series |
SS377A, SS378A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-C3010 Color Laser Printer Series |
SS209A, SS210A, SS210B, SS201C, SS210D, SS210E, SS210F, SS210G, SS210H, SS210J, SS210K, SS210L, SS210M, SS210P |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-C3060 Color Laser Multifunction Printer |
SS211A, S221B, SS211C, SS211D, SS211E, SS211F, SS211G, SS211H, SS211J, SS211K, SS211L, SS211M, SS211N, SS211P, SS211Q, SS213A, SS213B, SS213C, SS213D, SS213E, SS213F, SS213G, SS213H |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-C4012 Color Laser Printer series |
SS217A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-C4062 Color Laser Multifunction Printer series |
SS219A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-C406x Color Laser Multifunction Printer Series |
SS218A, SS219A |
Printer_CVE-2021-3438_update.exe |
Samsung proXpress SL-M3320ND Laser Printer Series |
SS365A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M3321 Laser Printer series |
SS366A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M3325 Laser Printer series |
SS367A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M3370 Laser Printer Series |
SS378A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M3375FD Laser Multifunction Printer Series |
SS369A, SS369B, SS369C, SS369D, SS369E, SS368F |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M3820 Laser Printer Series |
SS373A, SS373B, SS373C, SS373D, SS373E, SS373F, SS373G, SS373H, SS373J, SS373K, SS373L, SS373M, SS373N, SS373P, SS373Q, SS373S, SS373T, SS373U, SS373V, SS373W, SS373Z, SS371A, SS371B, SS371C, SS371D, SS372C, SS375B, SS373F |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M3825 Laser Printer series |
SS374A, SS375A, SS376A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M3875 Laser Multifunction Printer series |
SS379A, SS380A, SS381A, SS382A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M4020 Laser Printer Series |
SS383K, SS383L, SS383X, SS383Y, SS383C, 4PT87A, 4PT7B |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M4024 Laser Printer series |
SS385A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M4025 Laser Printer series |
SS386A, SS387A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M4030 Laser Printer Series |
SS388A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M4070 Laser Multifunction Printer Series |
SS389J, SS390C |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M4072 Laser Multifunction Printer series |
SS391A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M4075 Laser Multifunction Printer series |
SS392A, SS393A, SS394A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M4080 Laser Multifunction Printer Series |
SS395A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M4530 Laser Printer Series |
SS397E, SS397G, SS398D |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M456x Laser Multifunction Printer Series |
SS399A, SS400A |
Printer_CVE-2021-3438_update.exe |
Samsung ProXpress SL-M458x Laser Multifunction Printer Series |
SS401A, SS402A |
Printer_CVE-2021-3438_update.exe |
Samsung SCX-3400 Laser Multifunction Printer Series |
SS155A, SS156A, SV938A |
Printer_CVE-2021-3438_update.exe |
Samsung SCX-3401 Laser Multifunction Printer series |
SS157A, SS158A, SV393A |
Printer_CVE-2021-3438_update.exe |
Samsung SCX-3405 Laser Multifunction Printer series |
SS159A, SW313A, SS160A, SW314A, SS161A, SS162A, SV943A, SS163A |
Printer_CVE-2021-3438_update.exe |
Samsung SCX-3406 Laser Multifunction Printer series |
SV945A, SV946A, SV947A, SV298A, SW127A, SS164A |
Printer_CVE-2021-3438_update.exe |
Samsung SCX-4021 Laser Multifunction Printer series |
SS165A |
Printer_CVE-2021-3438_update.exe |
Samsung SCX-4521 Laser Multifunction Printer series |
SS167A, SS168A, SV530A, SV966A, SV967A, SV968A, SV969A, SW129A |
Printer_CVE-2021-3438_update.exe |
Samsung SCX-4655 Laser Multifunction Printer series |
SS174A, SV988A, SV989A |
Printer_CVE-2021-3438_update.exe |
Samsung SCX-4650 Laser Multifunction Printer Series |
SB983A, SS171A, SS172A, |
Printer_CVE-2021-3438_update.exe |
Samsung SCX-4833 Laser Multifunction Printer series |
SS180A, SS181A, SW019A |
Printer_CVE-2021-3438_update.exe |
Samsung SCX-4835 Laser Multifunction Printer series |
SW021A, SW020A |
Printer_CVE-2021-3438_update.exe |
Samsung SCX-5635 Laser Multifunction Printer series |
SW093A, SW040A, SW041A |
Printer_CVE-2021-3438_update.exe |
Samsung SCX-5637 Laser Multifunction Printer series |
SS182A, SW043A |
Printer_CVE-2021-3438_update.exe |
Samsung SCX-5639 Laser Multifunction Printer series |
ST676A |
Printer_CVE-2021-3438_update.exe |
Samsung SCX-5737 Laser Multifunction Printer Series |
SW045A, SS183A, SW046A |
Printer_CVE-2021-3438_update.exe |
Samsung SF-76x Laser Multifunction Printer Series |
SS195A, SS196A, SS197A, SS198A, SS199A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-C1860 Color Laser Multifunction Printer Series |
SS205A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-C430 Color Laser Printer Series |
SS229A, SS230A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-C480 Color Laser Multifunction Printer Series |
SS254A, SS255A, SS256A, SS257A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2020 Laser Printer Series |
SS271A, SS272A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2070 Laser Multifunction Printer Series |
SS293A, SS294A, SS295A, SS296A, SS297A, SS298A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2620 Laser Printer Series |
SS322A, SS323A, SS324A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2621 Laser Printer Series |
SS325A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2625 Laser Printer Series |
SS326A, SS327A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2626 Laser Printer Series |
SS328A, SS329A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2670 Laser Multifunction Printer Series |
SS330A, SS331A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2671 Laser Multifunction Printer Series |
SS332A, SS333A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2675 Laser Multifunction Printer Series |
SS334A, SS335A, SS336A, SW112A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2676 Laser Multifunction Printer Series |
SW113A, SS337A, SS338A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2820 Laser Printer Series |
SS339A, SS340A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2821 Laser Printer Series |
SS341A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2825 Laser Printer Series |
SS342A, SS343A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2826 Laser Printer Series |
SS344A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2835 Laser Printer Series |
SS346A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2870 Laser Multifunction Printer Series |
SS348A, SS349A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2871 Laser Multifunction Printer Series |
SS350A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2875 Laser Multifunction Printer Series |
SS351A, SS352A, SS353A, SS354A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2876 Laser Multifunction Printer Series |
SS355A, SS356A, SS357A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2880 Laser Multifunction Printer series |
SS358A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M2885 Laser Multifunction Printer Series |
SS359A |
Printer_CVE-2021-3438_update.exe |
Samsung Xpress SL-M3015 Laser Printer Series |
SS360A |
Printer_CVE-2021-3438_update.exe |
Pour résumé “le pourquoi du comment”
Lors de l’installation d’une nouvelle imprimante HP, l’équipe de SentinelLABS a détecté l’utilisation d’un ancien pilote d’imprimante datant de 2005 appelé SSPORT.SYS grâce à une alerte de Process Hacker.
Ce processus est un composant Samsung Serial Port Driver qui était utilisé par le Samsung Easy Printer Manager.
Je ne pourrais pas expliqué comment un tel pilote a pu être utilisé par autant de logiciels d’imprimantes “Non-Samsung” cependant il était important d’agir rapidement pour corriger ce problème.
Quels sont les impacts ?
Une vulnérabilité de pilote de noyau exploitable peut permettre à un utilisateur sans-accès à utiliser le compte SYSTEM et donc, exécuter du code en mode noyau. On pourrait alors contourner des produits de sécurité.
Il n’y a actuellement aucune indication que ce vieux bug ait été exploité, mais “vaut mieux prévenir que guérir”.
Il est donc recommandé aux clients HP/Samsung/Xerox, tant au niveau des entreprises que du grand public, d’appliquer le correctif dès que possible.
Voici le lien de recherche des pilotes HP : Rechercher votre correctif.
Source: CVE-2021-3438: 16 Years In Hiding – Millions of Printers Worldwide Vulnerable
À voir également : HAVEIBEENPWNED: avez-vous un compte compromis dans une violation de données ?