/u/break_me_down on KB3170455 stops non-admin users…

Filed under sysadmin.

The basic explanation for why this happened is that there was a POC released about how to pwn an entire network by pwning a network printer. Basically you can inject infected drivers into the connection and have them push to any workstation that connects to the printer, so long as you have admin access to the printer itself. Pretty cool, and also pretty scary.

Here's a full writeup:

http://blog.vectranetworks.com/blog/microsoft-windows-printer-wateringhole-attack