Nasty Windows Printer Driver Vulnerability

From SentinelLabs, a critical vulnerability in HP printer drivers:

Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines.

If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights.

The bug (CVE-2021-3438) has lurked in systems for 16 years, researchers at SentinelOne said, but was only uncovered this year. It carries an 8.8 out of 10 rating on the CVSS scale, making it high-severity.

Look for your printer here, and download the patch if there is one.

EDITED TO ADD (8/13): Here’s a better list of affected HP and Samsung printers.

Posted on July 22, 2021 at 10:41 AM • 42 Comments

Comments

Clive Robinson July 22, 2021 11:17 AM

@ ALL,

The bug (CVE-2021-3438) has lurked in systems for 16 years,

Why am I not surprised?

Since 2005… @NickP and myself used to debate when you should have stopped on the MS OS path.

I was conservative and said 1995, @NickP was a little more bullish and said 2005.

I guess the real question is how much longer before we ditch the more modern crud into “land fill” and upgrade to a more modern “backdoor”.

Pays your money, makes your choices; mine’s at the latest Win XP and Office 97…

It does the dull stuff I need it to, relatively quickly on fully isolated systems.

Untitled July 22, 2021 11:57 AM

It doesn’t seem to affect many HP printers, for a 16-year-old bug – or maybe HP hasn’t issued fixes for every printer?

HP has a list of affected printers (including Samsung’s) here

lurker July 22, 2021 12:26 PM

The articles are describing this as a Windows printer driver problem. HP support links above are currently unreachable. Debian Linux by default includes an HP binary blob which I removed: I now pay somebody else to do my printing, faff with ink/toner, and deal with dodgy drivers…

SpaceLifeForm July 22, 2021 12:27 PM

@ Clive

The Windows treadmill.

You buy a more modern pc with preloaded windows, and you automagically get easier to use lpe exploits.

Who needs this attack when there’s an easier one?

SeriousSAM.

https://kb.cert.org/vuls/id/506989

[booting windows98se box to see if still ok]

metaschima July 22, 2021 12:57 PM

@ Clive
I stopped using Windows in College around 2003 or so. Why? Because it kept crapping out on me especially near the due date of papers. I have never looked back. I have been using Linux since then, but I did use BSD for a short time as well.

Chris Pugson July 22, 2021 2:32 PM

My HP LaserJet 1100 driver is from Microsoft.

Microsoft – Printer – 6/22/2006 12:00:00 AM – 6.1.7233.1

D’oh! Does this mean my printer is toast? HP origin drivers are dated 2002 or earlier. Perhaps the Microsoft issued driver is based on these older HP issued drivers in which case I am OK to continue using my LaserJet 1100?

SpaceLifeForm July 22, 2021 4:07 PM

@ Chris Pugson

If you can not do the math, you probably should not ask the question.

Your printer will continue to work as long as you continue to pay the ink tax.

Fsck Windows July 22, 2021 9:13 PM

It should read:

Nasty Windows Printer Driver Vulnerability

Let’s place the blame on where it should be, One Microsoft Way.

ADFGVX July 22, 2021 9:17 PM

metaschima • July 22, 2021 12:57 PM

@ Clive
I stopped using Windows in College around 2003 or so. Why? Because it kept crapping out on me especially near the due date of papers. I have never looked back. I have been using Linux since then, but I did use BSD for a short time as well.

Thank you. Out of gas and a flat tire on your way to court and a warrant for failure to appear, your attorney hasn’t the foggiest notion what happened to your court paperwork, and you’re fighting a slew of speeding tickets and parking tickets plus a vehicle impound at city hall with service of process and writ for motion of appearance by order of the court and you were just terminated from your job and served with a home foreclosure, because like well dude you’re going away for a long long time even if you were innocent of the charges on their merits and did nothing wrong in court.

/dev/null July 22, 2021 10:21 PM

I just want to point out that you don’t need to own an affected printer to be caught out by this security issue. These buggy drivers are shipped with any install of Windows and can be abused by an attacker even if you don’t have a printer.

There are critical flaws found in Linux all the time too. If it was as popular as Windows there would be even more. Linux doesn’t fare much better than Windows at things like the pwn2own contests (and those are just the exploits made public). I say this as someone who uses only Linux as my primary OS since 1993. I mean Linux is better designed but not immune to bugs.

SpaceLifeForm July 22, 2021 11:01 PM

@ /dev/null

Yep. Best you stick to 32-bit Linux. This problem goes back to Windows7.

And you know who uses that, right?

Has that TLA figured it out yet?

Clive Robinson July 22, 2021 11:41 PM

@ Fsck Windows,

Let’s place the blame on where it should be, One Microsoft Way.

Historically you can blame the hardware designers of I/O devices, of which I’m guilty of being one.

It goes back to the start of “Open Hardware Standards” and non CPU specific BUS standards for the likes of interchangeable/removable and non-local peripherals, like serial terminals, modems, tape drives, floppy drives.

Apple took the idea of I/O bus into the heart of the CPU box, and added ROM support to hook into the BIOS. IBM simply copied the idea in the PC because it was so successful, sitting on the sidelines in both cases was however Microsoft with their Hardware (yes few remember Microsoft were a hardware company back then).

But yes Microsoft founded what some called “Plug and Pray” as “The Microsoft Way”.

The point is though, if you make something “easy to use” then it “hides complexity” and it is the complexity where the daemons get corrupted into demons and complexity is the place where they hide out and play nasty with your system.

Clive Robinson July 23, 2021 12:11 AM

@ ALL,

One of the things we forget is that “What You See Is What You Get”(WYSIWYG) is very much responsible for many many of our “computing ills”.

If you think about traditional work flows such as writing a book or producing any other major work things were done in an order of increasing complexity.

Few remember basic text editors as the only way to get human endeavour into a computer. Even less remember the early “Type-Setting” which still lurk around *nix man pages. Or “Desktop-Publishing”.

Now it all gets thrown into one “mega-app” we call a “Word-Processor” with so much redundancy, over complexity bells and whistles. That not only do they come with their own inbuilt programming languages, they also have inadvertent Turing Complete state machines acting as other hidden languages…

Whilst it might be nice to have a toaster to heat “pop-tarts” do we really need one that also makes Strawberry Pavlov as just one of a myriad of overly refined carbohydrate comestibles to rot our teeth, bodies and brains with, whilst turning us into push button simpletons getting the next quick fix / sugar high?

Walk down any town high street and what do you see? Yup people glued to their mobile phones etc, not looking where they are going, or even hearing the curses and bad words sent in their directions because they are immersed in their tunes etc …

Evolution has taught us the hard way there is good reason for “work flows” as they tend to improve our survival chances significantly…

I still follow “work flows” as it makes security rather easier to manage as a system guardian, and a lot harder to attack by both outsiders and insiders as it limits their scope at each stage.

JonKnowsNothing July 23, 2021 12:50 AM

@Clive, All

re: Plug and Pray with the IRQ Pin Jumpers

Music from the oldies…

The bus had only N IRQ addresses and often there was a need to install N+1 devices in the slots.

When there were just pin jumpers, it was not too difficult except where the device makers only offered a few IRQ options that were mutually exclusive to something else that was also needed. So when installing you had to start with a big Venn diagram of IRQs.

Then came Plug and Pray and in theory, the system would auto-assign the IRQ from an internal table of open IRQs. Except, not every device could use the table auto-assigned IRQ. It became a game of musical slots and boards to get all the device IRQs assigned to the proper boards.

There were several aspects to Musical Boards:

1, Get the board to register the IRQ
2, Get the system to register the IRQ
3, Get the system to drop the assigned IRQ for that board
4, Get the next board in guaranteeing an IRQ clash
5, Put the boards in the proper order so the system would reassign the clashed IRQs in the system table in the order needed.

Between each step was a reboot and a lot of humming.

===

ht tps://en.wikipedia.org/wiki/Venn_diagram

(url fractured to prevent autorun)

Denton Scratch July 23, 2021 3:32 AM

Thanks, Bruce.

Mine’s a Samsung M2070 (update now installed). To my intense annoyance, shortly after I bought it I had occasion to visit the support site, only to discover that Samsung had already sold their printer division to HP.

I used to be a big supporter of HP inkjet printers. But then they started dicking around to prevent third-party ink refills, padding driver downloads with huge amounts of junk I don’t need, and generally being uncool.

So I swore-off HP printers. That’s why I bought the bloody Samsung.

To be fair, it’s not a bad printer. I just wish they’d told me that I was really buying an HP.

Clive Robinson July 23, 2021 7:26 AM

@ JonKnowsNothing, ALL,

Between each step was a reboot and a lot of humming.

And if you are old enough the whirle then whizz of a wrap tool first unwrapping an IRQ wire followed by the wrap of a new wire, and buzz or three of a continuity tester…

To misquote the song,

“Those were the days, my friend We thought they’d never end.
We’d sing and dance forever and a day.
We’d live the life we choose We’d wire and never fuse.
For we were young and sure to have our way.

Then the busy years went crashing by us
We lost our wirey notions on the way.
If by chance I’d see you in the lab
We’d smile at one another and we’d say
Those were the days my friend We thought they’d never end.”

MikeA July 23, 2021 10:39 AM

@Jon, Clive

What I recall of the IBM-PC IRQ fiasco was a bit of a chicken and egg.

1) Original PC uses positive-edge-triggered IRQ. Folklore has variations on explanation, but two popular explanations are a) IBM used posedge IRQ in some of their “real” computers, and was used to it, or b) It saved half a dual D-flop for some onboard device.

2) Since this prevents (or rather, is believed to…) sharing of interrupt pins, all device drivers code their handlers as purely stand-alone, no concept of a general IRQ handler, circa 1960s or maybe older, or even a chain of “handlers that may be interested in this pin, please re-check when you are done”

3) Some bright spark figures out that the IRQ pins can be shared, possibly by using a negative blip on a normally high line, with a polite set of IRQ handlers.

4) Alas, once again the “hardware” is allegedly so-called because it’s hard to change, while the “software” is so called because it’s easily changed. The universe disagrees. So much ad-hoc hackery in existing drivers means that in practice, IRQs simply cannot be shared.

And of course we should never forget the wonder of the two-level interrupt “tree”, along with an Intel app-note recommending the acknowledgement order most likely to lose interrupts to race conditions. This persists well after an instrumented disk driver reveals large numbers of disk operations working only because of time-out/retry code. Depending on code that was put in to handle rare events to make it work at all. Masterful design!

elnora July 23, 2021 11:19 AM

There are critical flaws found in Linux all the time too. If it was as popular as Windows there would be even more. … I mean Linux is better designed but not immune to bugs.

The relevant “better design” here is that printer drivers generally don’t listen for user commands on Linux. Distributions tend to use CUPS, which handles that, although other aspects of its design (e.g. built-in web server that accepts passwords over plaintext connections) don’t inspire confidence.

Many printers don’t need drivers, and can accept Postscript or PDF. That takes care of one attack vector, not that we should feel too confident about trusting a printer’s built-in decade-old document parser. That’s an underexplored area for security research. Probably can’t get new firmware for these old printers anyway, and if we could, how many people would know they need it, where to get it, and how to install it?

Our ignorance of printer internals is depressing and ironic, given that a printer was what made Stallman first realize the harms of proprietary software. The EFF warned long ago about how color printers (and maybe others?) embed tracking data, and more recently we saw that this may have harmed Reality Winner. There’s DRM in ink and toner cartridges. Google turned probably tens or hundreds of thousands of printers into e-waste when they removed Cloud Print from Chromebooks. Yet there’s still no “OpenWRT for printers”; we’re stuck with whatever anti-user crap they come with. (Let’s not pretend printers will be obsolete any time soon, as some people say.)

echo July 23, 2021 1:36 PM

@Clive

Walk down any town high street and what do you see? Yup people glued to their mobile phones etc, not looking where they are going, or even hearing the curses and bad words sent in their directions because they are immersed in their tunes etc …

Evolution has taught us the hard way there is good reason for “work flows” as they tend to improve our survival chances significantly…

I still follow “work flows” as it makes security rather easier to manage as a system guardian, and a lot harder to attack by both outsiders and insiders as it limits their scope at each stage.

Workflows can be linear or non-linear. Workflows can hide as much abuse as they reveal. Some tasks are done on computers almost exclusively now because computers confer leverage but a manual system can have its advantages cognitively and artistically. It’s quite a big and fluffy topic a bit like having a bar fight with a cloud on top of a mountain.

Perhaps it’s age or perhaps it’s because I have enough novelties rattling around my skull to keep me busy or I hate following the herd but I find value in doing things “old school”. I already know what AI and other fashions of the moment can do and don’t want to spend my time discovering what some other person’s ideas of this are by living vicariously through consumerised products. My mind has already moved on and I find the latest gimmicks trivial.

I’ve “done” technology and want to spend my time doing things I didn’t explore as best I might the first time around or haven’t done before.

Some Guy July 23, 2021 1:57 PM

What is all this hardware and IRQ talk?

Reading about the flaw, this type of problem goes way way back to Windows’ roots in OpenVMS. If you ever took writing device drivers classes they drove home that for an IO operation or any system call, you use some OS supplied macros/routines to test the user’s buffers for read/write as needed. Check sizes, etc., copy from their address space the parameters you need, into an IRP or some other non-paged pool you requested and then never look at the user request again, as they can change it on the stack later but before the IO finishes and needs the results.

There was a bug back in VMS 4.5 I think in a common driver. Simple program: you made a read call from say a serial terminal, without waiting, $QIO, then right away change one of the returned parameters’ pointers and direct it to your process’s set of privilege bits. Then go to the terminal waiting for an IO and hit a return, the IO would finish and some un-needed status would be written to your privs flags. Bang. You just got more privs. If lucky you got SYSPRV, BYPASS, or CMKRNL. If not run the code again.

Bottom line in writing anything related to a driver you assume that everything the user passes is messed up and you check for it and never trust them again.

The difference in this case is that in VMS the one and only call you needed was QIO. In Windows they broke it up into READ, WRITE and IOCTL. Now you have to verify your parameter checking for 3 different cases rather than just one.

Now the Windows idea that you need a Kernel level driver to “format” printer data is messed up. Sure a driver CAN format data and provide the transport to the hardware, but it should have been split into two. A non-kernel, maybe just a library that formats the data for your model of printer, and then the OS supplied printer driver that gets it to physical printer.
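The "copy the parameters, then never look at the user request again" rule from the comment above, as an added example (not part of the original thread, and not a model of CVE-2021-3438 itself). It is a user-space simulation: `g_pool`, `struct user_req`, `submit` and the `grow_len` hook, which stands in for a second thread rewriting the request between check and use, are all hypothetical names constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KBUF_SIZE 16   /* bytes the driver means to accept */
#define POOL_SIZE 32   /* KBUF plus 16 bytes standing in for neighbouring kernel data */

/* Request block that lives in caller-controlled ("user") memory. */
struct user_req {
    uint32_t      len;
    unsigned char data[POOL_SIZE];
};

/* Simulated non-paged pool: [0,16) is the driver's buffer, [16,32) belongs
 * to someone else and must never be written by these handlers. */
static unsigned char g_pool[POOL_SIZE];

/* Constructed stand-in for a second thread in the caller's process that
 * rewrites the request after the driver has checked it. */
typedef void (*race_hook)(struct user_req *);
static void grow_len(struct user_req *r) { r->len = POOL_SIZE; }

/* Flawed pattern: the length is fetched from user memory twice. */
static int handle_unsafe(struct user_req *req, race_hook hook)
{
    if (req->len > KBUF_SIZE)          /* fetch 1: the check */
        return -1;
    if (hook) hook(req);               /* caller changes the request here */
    uint32_t n = req->len;             /* fetch 2: the use, no longer checked */
    if (n > POOL_SIZE) n = POOL_SIZE;  /* keeps the simulation itself in bounds */
    memcpy(g_pool, req->data, n);
    return (int)n;
}

/* Hardened pattern: capture the request once into driver-owned memory,
 * then validate and use only the captured copy. */
static int handle_safe(struct user_req *req, race_hook hook)
{
    struct user_req captured;
    memcpy(&captured, req, sizeof captured);  /* the only read of user memory */
    if (hook) hook(req);                      /* later changes no longer matter */
    if (captured.len > KBUF_SIZE)
        return -1;
    memcpy(g_pool, captured.data, captured.len);
    return (int)captured.len;
}

/* Builds a request of the given length, optionally races it, and returns the
 * number of bytes the handler copied (or -1 if it rejected the request). */
int submit(int hardened, uint32_t len, int raced)
{
    struct user_req req;
    req.len = len;
    memset(req.data, 'U', sizeof req.data);
    memset(g_pool, 0, KBUF_SIZE);
    memset(g_pool + KBUF_SIZE, 0xAA, POOL_SIZE - KBUF_SIZE);
    race_hook hook = raced ? grow_len : NULL;
    return hardened ? handle_safe(&req, hook) : handle_unsafe(&req, hook);
}

/* 1 if the bytes next to the driver's buffer still hold their 0xAA fill. */
int neighbour_intact(void)
{
    for (int i = KBUF_SIZE; i < POOL_SIZE; i++)
        if (g_pool[i] != 0xAA)
            return 0;
    return 1;
}

int main(void)
{
    int n = submit(0, 8, 1);
    printf("unsafe handler, raced: copied %d, neighbour intact: %d\n",
           n, neighbour_intact());
    n = submit(1, 8, 1);
    printf("safe handler, raced:   copied %d, neighbour intact: %d\n",
           n, neighbour_intact());
    return 0;
}
```

Both handlers reject an honestly oversized request; only the one that re-reads the length from caller memory can be pushed past its buffer after the check has passed.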

Garabaldi July 23, 2021 7:21 PM

Could somebody explain what these “printer drivers” are doing running with privilege?

I’ve written two types of “printer driver”. The first takes a file in one format (e.g. troff) and outputs a file in another format (PCL, postscript etc.) the only permission it needs is reading and writing files. The second takes a stream of data and passes it to a hardware port, taking account of flow control. I hesitate to say this second type is so simple it’s hard to get wrong, but it is so simple it’s possible to get right. And it doesn’t need printer specific versions.

Some printers have two way communication, but again the drivers can be divided in a similar way.

SpaceLifeForm July 24, 2021 12:56 AM

@ Garabaldi

Could somebody explain what these “printer drivers” are doing running with privilege?

All drivers that can talk to hardware run as root/system.

Even a printer driver is not as simple as you would think.

The flow control is the biggest hassle with a printer driver.

What is the comm interface? Can you only send a few bytes at a time?

Is it pure serial? Or USB? Or parallel port? Or current loop?

Paper jam.

Clive Robinson July 24, 2021 2:26 AM

@ Garabaldi

Could somebody explain what these “printer drivers” are doing running with privilege?

It rather depends on what you mean by “privilege” and in which “context”.

You can design both the hardware and the low level drivers and OS so that no more privilege is required than would be required to write to any other process, which means next to no privilege if you want to take the effort (use a “letter box buffer” and restricted state machine).

But that requires people that actually know what they are doing…

The other extreme is one we used to call the “whorehouse door policy” where anything goes in any direction with no questions asked no matter how nasty.

Microsoft coming up from the CP/M single user single task no privilege restriction, no control, no security route obviously went down the wrong path from day zero. Which has provided massive exceptions year after year in the name of “backwards compatibility” since then. Thus they are now paying over and over, or more correctly their customers are in massive technical debt that will not stop growing and causing further technical problems with each new kludge that gets bolted on.

*nix is a bit better but not a lot, in that it started with the idea of multi-user, multi-tasking, multi-privilege, limited enforced control and limited enforced security above the kernel. Unfortunately they went with “Sys-programmer knows what they are doing” thus put device drivers into privileged hardware and OS spaces beneath the kernel.

However due to the vagaries of “bolting on networking” a fairly early on mitigation policy was developed that is still being enhanced. Hence we now have ideas like “user-space IO” where for raw performance reasons you don’t put the IO under the kernel. Thus the control, privilege and security thinking involved is more widely available.

However multiuser shared userspace IO gives lots of side channel potential and way way too much interprocess transparency to be good for anything other than minor data security.

Can this be tightened up? yes, should it be tightened up? Probably in most “server” cases. Unless you go down a different mitigation path of segregating users onto separate hosts, which gives stronger data security assurances by hard segregation.

My personal choice is “hardware is inexpensive, and non complex hard state controlled software desirable”. Thus the hard segregation at host level of users the best starting point. You can then go on and add further segregation as you go, whereas doing it the other way around is just asking for trouble even at the best of times.

Untitled July 24, 2021 9:12 AM

@SpaceLifeForm or anyone who knows:

All drivers that can talk to hardware run as root/system.

No doubt, but we’re talking about printer drivers here, specifically Windows printer drivers, and my impression is that in Windows, printer drivers don’t normally talk directly to the hardware – it’s the spooler that takes raw data from the driver and talks to the printer. Do I misunderstand?

SpaceLifeForm July 24, 2021 7:48 PM

@ Untitled

The spooler is always involved. The spooler loads the printer drivers (dlls). The spooler runs as SYSTEM. Therefore, the driver is running at SYSTEM level.

The actual data to be printed goes to the spooler, which then hands it to the driver.

userland app -> spooler -> driver -> printer device

Note that the spooler does not have to run on a machine which has no printer device. The userland app can be on a different machine, but can select a network printer.

SpaceLifeForm July 24, 2021 8:22 PM

@ Untitled

I misread something about the spooler requirement. According to

hxtps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

You can not disable the spooler on a machine that you wish to print from, even if there is no printer attached. At least, I think that is what this says.

I think it is saying that the spooler must be running on any machine to be able to see network printers.

Impact of workaround Disabling the Print Spooler service disables the ability to print both locally and remotely.

Goofy to me. Give me CUPS.

JonKnowsNothing July 24, 2021 9:47 PM

@SpaceLifeForm

re: You can not disable the spooler on a machine that you wish to print from

I cannot answer this definitively because I no longer have a printer that works and my system is very old, but the system was set up for printing to the now defunct printer.

I was able to disable the spooler which is actually something that needs to be done regularly when a print job gets blocked in the queue. Documents printing in PDF format use the spooler and if they hang, you have to stop and clear it and restart the process.

My documents printing in PDF format skip the now dead spooler-queue and actually clear much faster than previously.

You might not be able to print to a network printer, but I am not aware of any particular reason why not. The spooler just queues up stuff to feed to the printer. In old days, (ahem), it was FIFO . Perhaps some of the new fancy printers require a spooler on the file server to properly feed the device.

You can always hang a printer off the workstation IF the workstation has a port or connector for it. Some folks saved a nickel by not having connectors for local printers.

Something, something, NSA, something….

Weather July 25, 2021 12:34 AM

Is this a remote code excursion or a privilege excision? Would connecting to your printer by WiFi open ports on your computer?

Clive Robinson July 25, 2021 1:45 AM

@ Weather,

Would connecting to your printer by WiFi open ports on your computer?

That depends… “On Microsoft”.

The Microsoft policy used to be “Open everything up then try” as part of “Plug-n-Pray” this became obvious with time and a lot of complaints as a bad idea… So over the years they slowly became a little more restrictive. But unless you have new hardware new install of latest OS with the latest patches, you don’t always know what nasties MS have left at the bottom of the garden…

For many years I used to advise people to install MS as a “throw away” that is in effect do a complete re-install every couple of weeks to three months maximum.

I then advised people to go down other routes that in effect did a clean image reinstall at every re-boot.

Now with friends-n-family etc I just refuse to support MS in any way and shake my head sadly and talk in the past tense because I know what’s going to happen sooner rather than later, and there is no gain I want that’s worth that pain.

Just wait for the Win 11 nonsense to get started because history tells us each time around an MS OS upgrade is more pain than the last time for more people than before, and that amount of human misery has pay back.

Clive Robinson July 25, 2021 2:43 AM

@ SpaceLifeForm,

You can not disable the spooler on a machine that you wish to print from, even if there is no printer attached. At least, I think that is what this says.

If memory serves correctly it’s because of a “many to many” issue…

That effectively got split into a “many to one” front-end and a “one to many” back-end, with a bit in the middle to do the actual spool function. But… both the front-end and back-end got put in the same binary (common but nasty MS habit).

But also consider what a “spooler” actually does…

It’s effectively a buffer to increase both the responsiveness and utility of the printing sub system.

In effect the client program dumps a file to the spooler function as quickly as possible and the spooler puts the file in a job queue to await its turn/fate at the actual printer sub system.

Fine with old style text files, and stand alone printers, but… Postscript being a programming language kind of messed all over that back in the 1980’s. Then HP and PDF did their own “program the printer” languages in your computer before sending out what might best be described as a raster image file. Ink jet printers became little more than a box of electro-mechanics sold at below cost to push over priced ink.

So what went where in the line up became at best unclear.

Then the fun really started with loadable fonts and format conversion. So you might have a “PostScript to ASCII” shell script and executable (GhostScript) running between the client and the input to the general spooler so the actual file in the spool system is just a big old ASCII file… You might likewise have a graphics conversion file on the output of the spooler but before the printer, etc etc.

It was all messy messy messy, which is why the “Common Unix Print System”(CUPS) became so popular. Even though you could mess around with it to your heart’s content, the people building bits for it did things in sane and logical ways that nearly always worked without any pain.

But CUPS was not “The Microsoft way” thus the usual nonsense started…

SpaceLifeForm July 25, 2021 5:40 PM

@ Clive

Historical technical debt.

Trumpet.

More later.

I’ve not dealt with SYSOUT CLASS in some time, amazing the growth.

hxtps://www.ibm.com/docs/en/zos/2.4.0?topic=archiving-jcl-parameters

SpaceLifeForm July 25, 2021 6:26 PM

@ Clive, ALL

As a mainframe developer, you would always use this. Always.

SYSOUT HOLD

Because, it would be very, very, rare that you needed a paper printout to find the bug that the compiler or linker reported.

You could read the output from the spooler without wasting time and paper.

Figure out problem, cancel print job.

Very rare you would need paper printout.

It had to be a nasty bug to require printout.

hxtps://www.ibm.com/docs/en/zos/2.3.0?topic=statement-hold-parameter

Clive Robinson July 26, 2021 12:57 AM

@ SpaceLifeForm,

Because, it would be very, very, rare that you needed a paper printout to find the bug that the compiler or linker reported.

OMG, those were the days when most code was less than a few K of assembler and you could hold it all in your head 😉

I remember the kerfuffle when the UK ATC proposal said “no to IBM” because they did not have enough SysRAM so *nix crept in…

And got blamed for all the delays and other nonsense, that was in reality SysDevs being given too much freedom to experiment with “new ways” of thinking… (you might say “objects” but I would not be quite that crass 😉)

SpaceLifeForm July 26, 2021 1:19 AM

More on spooling

As Clive described, the original reason for a spooler was to buffer the output. In particular, because a printer was slow compared to the cpu and disk. And on a mainframe, you wanted to get the job done, so you could free up the ram for another job in the job queue. You did not want the actual printing to become a bottleneck. Managing the job queue and memory partitioning was very important when you only had 128K or 256K to work with, and the jobs needed to complete within a less than 24 hour window. That is not a typo, that is K, as in Kilobytes, using hardware that would not fit in your kitchen. I do not make stuff up. That is true historical fact.

So, original spooling was app -> spooler -> disk -> spooler -> printer

Spoolers can be very sophisticated. Besides being able to read from a spooler without printing, a smart spooler can drive multiple printers. In fact, a smart spooler should be able to drive multiple printers. Simultaneously. A smart spooler should allow the user/operator to change the destination printer. A really smart spooling system should allow re-directs, to have a spooler server send a print job to another spooling system across a network.

In Windows land, I do not believe that really exists.

The historical cruft, the technical debt, led to complexity, and more problems.

After more research, I think what happened early on, was that networked printers became an afterthought. Trumpet was good, but did not address networked printers. But that was not the job of Trumpet.

What many think of as a printer driver today, is not a true driver. It is a collection of stuff, some being a true driver, some being formatting/translation software, and some weird stuff, like some code to bug you about your ink being low.

Here’s what I think is the real current model of printing and spooling on Windows.

app -> local spooler -> formatting/translation -> local spooler -> disk -> local spooler -> real driver -> printer device

In the networked printer environment, I think it goes like this

app -> local spooler -> formatting/translation -> local spooler -> disk -> local spooler -> SMB -> remote spooler -> remote disk -> remote spooler -> real driver -> printer device

The reason this fits is because many people over the years would have problems printing to a remote printer if the driver package was not installed on their local machine. Even if no printer was ever attached locally.

The local machine did not need the true driver, but needed the formatting software from the driver package.

It does help the appearance. The user does not even wait for the network. The local machine does the formatting work which reduces load on the remote print server.

It’s when the user goes to the printer, and nothing is there.

Then the admin screams.

SpaceLifeForm July 26, 2021 2:02 AM

@ Clive

“objects” is noun, not verb, correct?

As in Technical Marketing Representatives?

As in long lunches and off-site technical meetings?

Clive Robinson July 26, 2021 2:37 AM

@ SpaceLifeForm,

As in long lunches and off-site technical meetings?

Only in late afternoon, because…

There was per hour billing at three different rates from 08:00 to 18:00 it was “time”, to 22:00 “time and a half” then cerching “tripple time”.

A smart consultant would start their day at 06:00 on a “long job” thus be on tripple time for most of the rest of the day…

I remember one local hotel used to start breakfasts at 04:30 by “popular demand” and the dining room would be full to capacity, with consultants shovelling full English onto plates with a dozen slices of bacon and half a dozen sausages sliding sideways between six or eight slices of toast to get discreetly wrapped in paper napkins for elevenses and lunch “on the clock”…

The project probably did more to kill off consultants by early “left arm tinglers” from arterial cholesterol than any 40 cigs a day habit those in marketing had ever could…

Chris Pugson July 26, 2021 4:29 AM

The HP support application is very non-intuitive. Once it was installed, it would not identify my ancient HP LaserJet 1100 which is actually supported by a Microsoft supplied driver. There is no SSPORT.SYS file in the C:\Windows\System32\driver\ folder so, puzzled and confused, I guess that my HP LaserJet 1100 driver is not affected by the vulnerability but I would like to be sure.
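A read-only way to check a Windows machine for the driver file named in the comment above, added here as an example and not part of the original comment or of HP's tooling. It looks for SSPORT.SYS on disk, for a kernel driver service pointing at it, and for installed printer drivers from the vendors named in the post; the search directories and the vendor name pattern are assumptions, and the result is meant to be compared against the vendor's affected-model list.

```powershell
# Added example: read-only inventory for the SSPORT.SYS driver discussed on this page.
# Run from an elevated prompt so every directory can be read.
$driverName  = 'ssport.sys'
$searchRoots = @(                                  # assumed locations, all standard Windows paths
    (Join-Path $env:SystemRoot 'System32\drivers'),
    (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository'),
    (Join-Path $env:SystemRoot 'System32\spool\drivers')
)

# 1. Copies of the file on disk, with version, signer and hash for comparison with the advisory
$files = foreach ($root in $searchRoots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Filter $driverName -File -Recurse -ErrorAction SilentlyContinue
    }
}
$fileReport = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
    [pscustomobject]@{
        Path            = $f.FullName
        FileVersion     = $f.VersionInfo.FileVersion
        LastWrite       = $f.LastWriteTime
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SignatureStatus = $sig.Status
        SHA256          = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}

# 2. Kernel driver services whose image path ends in the file name (shows whether it is running)
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$driverName" } |
    Select-Object Name, State, StartMode, PathName

# 3. Installed printer drivers from the vendors named in the post, or that reference the file
$vendorPattern  = 'HP|Hewlett|Samsung|Xerox'       # assumption: matches Manufacturer strings
$printerDrivers = Get-PrinterDriver -ErrorAction SilentlyContinue | Where-Object {
    $refs = @($_.DriverPath, $_.ConfigFile, $_.DataFile) + @($_.DependentFiles)
    ($_.Manufacturer -match $vendorPattern) -or (@($refs -like "*$driverName").Count -gt 0)
} | Select-Object Name, Manufacturer, DriverPath

'--- {0} on disk: {1} copies' -f $driverName, @($fileReport).Count
$fileReport | Format-List
'--- driver services referencing it: {0}' -f @($services).Count
$services | Format-Table -AutoSize
'--- printer drivers to compare against the vendor list: {0}' -f @($printerDrivers).Count
$printerDrivers | Format-Table -AutoSize
```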

SpaceLifeForm July 26, 2021 3:55 PM

@ Chris Pugson

I would suspect it is vulnerable, but if your opsec is good, you may not need to worry about an attack.

I believe you can find an exploit tool on the internet, so you could actually test it.

I may be confusing different printer/spooler CVE exploits however. Sorry, don’t have a link handy.

Apple ][ for ever ! July 27, 2021 5:02 AM

Mr Clive Robinson still uses WinXP (SP3, I suppose) and Office 97 : “It does the dull stuff I need it to, relatively quickly on fully isolated systems.” (July 22, 2021 11:17 AM)
Maybe Game of Thrones’ author is right still using a very old WordStar. As a WordPerfect 5.1 / Novell DOS 7 user myself, I suppose I should consider downgrading further. 😉
Once a PC is correctly set up to do what you need, don’t ever connect it to the Internet, and don’t change anything (software and hardware) unless there is a very good reason. Any update can break more things than it fixes (I’ve been using computers from the AIM-65 days). Multiboot is your friend — any DOS, Win98SE (if motherboard still allows it), WinXP and, if really required, any Linux.

Clive Robinson July 27, 2021 6:11 AM

@ Apple ][ for ever,

Maybe Game of Thrones’ author is right still using a very old WordStar.

Yes I still use WS 4 as well as Borland IDEs and even Jstar on older Linux as well[1]… Then there is Mirror comms prog that has a WS shell to work in that will work with debug and other creaky old MS-DOS tools that I cobbled together tool chains in back last century, but still support.

Oh and yes the Apple ][ UCSD P system that does both Pascal and Fortran…

The point is they do what I need them to do without fuss or bother, and they don’t get in the way…

Yes the Apple ][ editor running on a 1MHz 6502 CPU is still more responsive to user keyboard input than even the fastest of modern PCs.

Then there’s the couple of vt100’s and the VT52, connected via serial ports to an old 486 that kind of acts as a “port concentrator” and line printer spooler (of the old school sort). It also runs several 8bit micro development boards from the early 1990’s with a product called DOS-Merge.

There’s even a micro-vax lurking around the place, not that I’ve turned it on in a very very long time.

I’ve just been joking with one of the Drs here about medical electronics, and that my house is a “retirement home for old but hardworking computers” and bits of “prototype space payloads” so any new medical electronics they give me should tuck in quite nicely between the bits.

[1] JOE JStar, https://joe-editor.sourceforge.io has the advantage of being simple to compile as it does not need a cascade of libraries, just libc and is also fairly readable, so can make a good place for newbie programmers to have a play with a real application (oh adding crypto-code and keeping it all in RAM is not that difficult either).

Apple ][ for ever ! July 27, 2021 9:36 AM

@Clive Robinson : I like the idea of a “retirement home for old but hardworking computers”. I miss the Rockwell 6502 and Zilog Z80 times, when assembly ruled.
Still maintaining [un]utilities for real DOS. A few of them might be of interest :
http://www.uranus.ru/qdt_readme.htm
(terse list after “Here are the programs by category.”)
