NDD Print Solution TOCTOU Vulnerability Allowing SYSTEM-Level Access

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the NDD Print solution driver, affecting versions through 5.24.3. This vulnerability could allow an unprivileged user to exploit the flaw and gain SYSTEM-level access on the device. The issue arises when a Dynamic Link Library (DLL) is validated and authorized by the Windows operating system, creating a window of opportunity for exploitation before the DLL is actually used. To successfully exploit this vulnerability, an attacker would need to have already compromised the corporate network, bypassing security measures such as firewalls, intrusion detection systems, and antivirus solutions.

Impact

Exploitation of this vulnerability could lead to unauthorized SYSTEM-level access on the affected device.

Remediation

Users are advised to update the NDD Print Agent to version 5.24.6 or later. For those using NDD Print Host, it is recommended to update to the latest version available on the NDD portal. Specific instructions for different scenarios are provided in the NDD security bulletin.