Hybrid Work Exposes New Vulnerabilities in Print Security
The shift to a distributed work model has exposed organizations to new threats, and a low but continuing stream of printer-related vulnerabilities isn't helping.
October 16, 2024
The shift to hybrid work models has exposed new vulnerabilities in corporate print infrastructure and heightened security risks at many organizations.
The risks run the gamut and include employees using insecure and unmanaged printers, remote workers sending print jobs over public networks, inadequate user authentication and print job release processes, exposed local spools and caches, and inconsistent patching practices.
A relatively low but steady volume of print-related vulnerabilities has exacerbated these issues. Recent examples of such vulnerabilities include CVE-2024-38199 (a remote code execution [RCE] vulnerability in the Windows or Line Printer Daemon [LPD] Service), CVE-2024-21433 (a Windows Print Spooler elevation of privilege vulnerability), and CVE-2024-43529 (a similar vulnerability that Microsoft disclosed in its October security update). The threats are certainly not Windows-specific, either. Recently, researchers discovered a set of potentially severe flaws in Common Unix Printing System (CUPS), a legacy protocol largely used in Linux, Unix, and heterogeneous environments.
Though few of these flaws have presented as major a threat as the PrintNightmare RCE flaw from 2021 in the Windows Print Spooler service, they have complicated the challenge of managing modern print infrastructure. Attackers, including nation-state actors, have sometimes abused printer software vulnerabilities — like CVE-2022-38028 — to substantial effect in their campaigns.
Increase in Printer-Related Breaches
The trends have driven an increase in print-related data breaches. A recent study that Quocirca conducted found that 67% of respondents experienced a printer-related security incident in 2024, compared with 61% last year. Small and mid-market organizations fared worse, with three-quarters (74%) reporting a printer-related data loss incident. Thirty-three percent pointed to unmanaged, employee-owned printers as a major security concern, and 29% identified vulnerabilities in office printing environments as presenting a major risk. More than a quarter (28%) identified their biggest printer-related security challenge as protecting sensitive and confidential information.
Casey Ellis, founder and chief strategy officer at Bugcrowd, says the takeaway for organizations is that print security needs to be a priority for decision makers. "Printer and print servers are an excellent place to establish persistence and gain business intelligence on a target," he says. The CUPS vulnerabilities showed that old, unused printer software can still represent a significant attack surface, especially for internal attacks and lateral movement.
Unfortunately, many organizations might be underestimating the risks or overlooking them altogether. And the shift to cloud/hybrid print environments has made printer infrastructure even more of an invisible issue from a vulnerability management standpoint, Ellis notes. "Let’s be real — the list of people who spend their days thinking about or even interacting with printers is a pretty small one," he says. "If your vulnerability management process allows out-of-sight, out-of-mind to dictate priority, it’s easy to miss [printer security risks]."
The main takeaway is a general one, Ellis says: "Organizations need to remain diligent about their asset inventory and overall attack surface and ensure that they have a process for evaluating the risk."
Printers, an Underestimated Risk?
The legacy nature of many printer service environments is another issue, because vulnerabilities can sometimes exist undetected on them for years. Often, these printer environments lack the kind of monitoring tools that are available on other endpoint systems, making them a big target for attackers.
Often flaws are introduced into organizations' print infrastructure because print services are on by default and administrators are not aware of this, says Tom Boyer, director of security at Automox. "This means that this risk will go unseen for years and adversaries use that to their advantage," he notes. "They often know more about the target environment than the company themselves."
The Quocirca survey found security to be the top barrier to adoption of cloud print services as well.
"Although many organizations believe the cloud is more secure than an on-premise environment, security concerns remain a critical barrier to cloud print adoption," says Nicole Heinsler, chief engineer of security and device management at Xerox. "Overall, there is a disconnect between providers and clients on how the cloud can improve security by managing zero-day threats more effectively, and how data sovereignty can be more easily managed through cloud policies."
Cloud Printing Cyber-Risks
The survey found that many organizations view resting data — such as print jobs waiting in a queue and documents uploaded to the cloud print service — as a primary risk, Heinsler says: "This is why incorporating zero-trust principles in your cloud print infrastructure, such as authentication and access control, monitoring, detection, remediation, data and document protection, encryption, and automation, is so imperative."
One way to centralize print management infrastructure is to use cloud print options that deploy a native cloud architecture, rather than to attempt a "lift-and-shift" of traditional on-premises server architecture to a private cloud, she notes. The challenges organizations face will depend on the level of customization their applications have.
"For example, if they use standard print protocols, there's often little issue with [cloud] integration," Heinsler says. "[But] specific applications should be subjected to proof of concept before full enterprise deployment."