Over the past year, the MORSE team has been working in collaboration with the Windows Print team to modernize the Windows Print System. This new design represents one of the largest changes to the Windows Print stack in more than 20 years. The goal was to build a more modern and secure print system that maximizes compatibility and puts users first. We are calling this new platform Windows Protected Print Mode (WPP). We believe users should be Secure-by-Default which is why WPP will eventually be on by default in Windows.

Recently, we announced our plan to end servicing for third-party drivers in Windows. Moving away from drivers has allowed us to significantly improve the print stack. This article will explain the case for adopting driverless printing, provide some insights on compatibility, and preview the security improvements provided by Windows Protected Print Mode.

One of the largest motivations behind the change is security. The Windows print system has been a key target for attackers. The Spooler runs with high privileges and must load code from the network which is difficult to accomplish with low friction and high security. Print bugs played a role in Stuxnet and Print Nightmare, and account for 9% of all Windows cases reported to MSRC.

Securing the print stack is challenging, in large part due to the use of third-party drivers. WPP blocks all third-party drivers and implements a wide range of new security protections. To put these changes in some context, MORSE did an analysis of past MSRC cases for Windows Print to assess if these changes would help. What we found is that Windows Protected Print Mode mitigated over half of those vulnerabilities. Although we know some may find changing configurations inconvenient, we believe it is best for overall user security.

The security model for print drivers relies on a shared responsibility approach where the Windows printing stack and third-party drivers must each play a role in providing functionality and enforcing security promises while avoiding introducing vulnerabilities. This is like some other subsystems in Windows, but printing is a particularly challenging scenario because both we and customers want the process to be as frictionless as possible. Balancing security, convenience and backwards compatibility with older devices is challenging.