CyberSecurity SEE

Hybrid Work Introduces New Risks in Print Security

The transition to hybrid work models has shone a light on new vulnerabilities in corporate print infrastructure, leading to heightened security risks for many organizations. Various issues have emerged in this new working landscape, including employees using insecure and unmanaged printers, remote workers sending print jobs over public networks, inadequate user authentication and print job release processes, exposed local spools and caches, and inconsistent patching practices.

A slew of print-related vulnerabilities have exacerbated these risks, with recent examples such as CVE-2024-38199 (a remote code execution [RCE] vulnerability in the Windows Line Printer Daemon [LPD] Service), CVE-2024-21433 (a Windows Print Spooler elevation of privilege vulnerability), and CVE-2024-43529 (a vulnerability disclosed in Microsoft’s October security update). These threats are not limited to Windows; researchers have also found potentially severe flaws in the Common Unix Printing System (CUPS), commonly used in Linux, Unix, and heterogeneous environments.

While these flaws may not pose as significant a threat as the PrintNightmare RCE flaw from 2021, they have added complexity to managing modern print infrastructure. Attackers, including nation-state actors, have exploited printer software vulnerabilities like CVE-2022-38028 in their campaigns, underscoring the importance of addressing print security.

The increase in print-related data breaches has been notable, with a study by Quocirca revealing that 67% of respondents experienced a printer-related security incident in 2024, up from 61% the previous year. Small and mid-market organizations have been particularly affected, with 74% reporting a printer-related data loss incident. Unmanaged, employee-owned printers and vulnerabilities in office printing environments were cited as major security concerns.

Casey Ellis, founder and chief strategy officer at Bugcrowd, emphasized the need for organizations to prioritize print security. He highlighted that printers and print servers can be used as points of entry for attackers to establish persistence and gain business intelligence. The vulnerabilities in CUPS demonstrated that outdated printer software can still pose a significant risk for internal attacks and lateral movement.

Despite the risks posed by print infrastructure, many organizations may underestimate or overlook them. The shift to cloud/hybrid print environments has further obscured printer vulnerabilities from a vulnerability management perspective. Tom Boyer, director of security at Automox, pointed out that vulnerabilities in print environments often go undetected for years due to the lack of monitoring tools available for printers compared to other endpoints.

Security concerns also hinder the adoption of cloud print services, as highlighted by Nicole Heinsler, chief engineer of security and device management at Xerox. The disconnect between providers and clients regarding the security benefits of cloud services can impede adoption. Incorporating zero-trust principles like authentication, access control, and encryption is crucial to mitigating risks in cloud print infrastructure.

Organizations are advised to centralize their print management infrastructure using cloud print options with native cloud architecture. This approach can help address the challenges posed by customization levels in applications. Implementing proof of concept testing for specific applications before full deployment can ensure a secure transition to cloud printing. In conclusion, organizations must remain vigilant about their asset inventory and attack surface to protect against evolving print-related security threats.
