Skip to main content
Available 24/7 for Emergency Support
(727) 230-8000
Geeks in Sneaks
How to Prevent Malware from Abusing Network Printers
Printer IssuesIntermediate30-60 minutes

How to Prevent Malware from Abusing Network Printers

Difficulty
Intermediate
Time
30-60 minutes
Category
Printer Issues

Concerned about malware using your printer to spread or spy? Here's how to secure network printers against malicious software and attacks.

đź’ˇWhat's Happening

Network printers are often overlooked as security risks, but they can be vulnerable entry points for malware. Printers connected to your network can be exploited by malicious software to print spam, spread to other devices, spy on documents, or even serve as a foothold for attackers to access your network. This isn't just theoretical—real malware like PrintNightmare and PrintDemon have specifically targeted printer vulnerabilities. If a printer is poorly secured, it can become a weak link in your otherwise secure network. This guide will help you lock down your printer against malware threats.

âś“Quick Checks (Do These First)

  • Is your printer's firmware up to date? Outdated firmware is one of the biggest vulnerabilities. Check for updates immediately.
  • Is your printer accessible from the internet? Go to shodan.io and search for your public IP. If your printer shows up, it's exposed and needs to be locked down immediately.
  • Does your printer have default credentials? If you've never changed the admin password, attackers can easily take control.

🔧Step-by-Step Fixes

Fix 1: Update Printer Firmware Immediately

The single most important defense against malware is keeping firmware updated. Manufacturers release patches for discovered vulnerabilities.

  1. Find your printer's IP address (print a network configuration page)
  2. Type the IP address into a web browser to access the printer's web interface
  3. Log in with admin credentials
  4. Navigate to Settings, Maintenance, or Firmware Update
  5. Check for updates and install any available
  6. Or visit the manufacturer's website:
    • HP: support.hp.com > enter model > Downloads > Firmware
    • Canon: canon.com/support > Products > Your model > Drivers & Downloads
    • Epson: epson.com/support > Your model > Downloads
    • Brother: brother.com/support > Product > Downloads
  7. Download the latest firmware and install according to instructions
  8. Enable Automatic Updates if you trust the manufacturer (but see security note in Fix 2)

Critical vulnerabilities to patch: PrintNightmare (CVE-2021-34527), PrintDemon, CUPS vulnerabilities (for network Unix printing)

Fix 2: Change Default Credentials and Secure Admin Access

Default passwords are publicly known and easily exploited by malware and attackers.

  1. Access your printer's web interface
  2. Log in with current credentials (if still using defaults like "admin/admin", this is urgent)
  3. Go to Security or Administrator Settings
  4. Change the admin username and password to something strong:
    • At least 12 characters
    • Mix of uppercase, lowercase, numbers, symbols
    • Not related to "printer," "admin," or your model number
  5. Disable Remote Management if you don't need it
  6. Enable HTTPS only for web interface access (disable HTTP)
  7. Enable SNMPv3 (if your printer uses SNMP) and disable older versions (SNMPv1/v2) which transmit passwords in cleartext
  8. Save all changes

Fix 3: Disable Unnecessary Network Services and Protocols

Printers run many network services that can be exploited. Disable anything you don't actively use.

  1. In your printer's web interface, go to Network or Services
  2. Review enabled protocols and disable these if not needed:
    • FTP (File Transfer Protocol) - rarely needed, often insecure
    • Telnet - unencrypted remote access, major vulnerability
    • SNMPv1/v2c - older versions are insecure, use SNMPv3 or disable
    • LPD/LPR - legacy printing protocol, disable if you use IPP instead
    • Bonjour/mDNS - makes printer discoverable, disable if you don't need AirPrint
    • Web Services - cloud printing features like HP ePrint (disable if you don't use them)
    • UPnP - can allow unauthorized port forwarding, major security risk
  3. Keep only the protocols you need (typically: IPP, HTTP/HTTPS for web interface, SNMP v3 if you monitor the printer)
  4. Save settings

Fix 4: Isolate Printer on Separate Network Segment

The best defense is preventing malware on one device from reaching your printer in the first place.

Option A: Use VLAN or Guest Network (Recommended)

  1. Set up a separate VLAN or guest network for IoT devices and printers
  2. Connect your printer to this isolated network
  3. Configure firewall rules:
    • Allow computers on main network → printer (printing ports only: 9100, 631)
    • Block printer → main network (prevents printer from initiating connections)
    • Block or heavily restrict printer → internet (prevents cloud exploits and data exfiltration)
  4. This way, even if the printer is compromised, malware can't spread to your computers

Option B: Use Software Firewall on Computer

  1. If you can't do network segmentation, configure your computer's firewall
  2. Block all incoming connections from your printer's IP except on printing ports
  3. On Windows Firewall, create rules to allow printer communication but block file sharing and admin protocols

Fix 5: Enable Printer Access Control and Authentication

Require authentication so malware can't just send arbitrary print jobs.

  1. In printer web interface, go to Security or Access Control
  2. Enable User Authentication or Secure Printing
  3. Require PIN or password for all print jobs
  4. Create an Access Control List (ACL) with only allowed device MAC addresses or IP addresses
  5. Enable IPsec or 802.1X authentication if your printer and network support it (enterprise feature)
  6. Disable Anonymous Printing

This means only authenticated users and devices can send print jobs—malware running in the background won't have the credentials to abuse the printer.

Fix 6: Disable Print Spooler Service on Computers (Windows)

Many Windows malware variants exploit the Print Spooler service (like PrintNightmare). If you don't print often, disable it.

  1. Press Windows + R, type services.msc, hit Enter
  2. Scroll down to Print Spooler
  3. Right-click and select Properties
  4. Change Startup type to Disabled
  5. Click Stop to stop the service immediately
  6. Click OK

Note: This prevents all printing from this computer. Only do this if you rarely print or are willing to manually enable it when needed.

Alternative: Keep Print Spooler enabled but apply Microsoft's patches for PrintNightmare and configure it to only accept signed drivers.

Fix 7: Monitor Printer for Suspicious Activity

Set up monitoring to detect if your printer is being abused.

  1. Enable Logging in your printer's web interface
  2. Configure it to log all print jobs, access attempts, and configuration changes
  3. Review logs regularly (or use SIEM tools if you're in a business environment)
  4. Set up email alerts for:
    • Failed login attempts
    • Configuration changes
    • Unusual print jobs (especially at odd hours)
    • High volume of print jobs from unknown sources
  5. Check printer's Job History regularly for unexpected jobs

If you see print jobs you didn't send, especially with strange names or from unknown users, investigate immediately—your network might be compromised.

Fix 8: Patch Windows Print Vulnerabilities

Make sure your computers have the latest Windows updates to patch print-related vulnerabilities.

  1. Go to Settings > Update & Security > Windows Update
  2. Click Check for updates
  3. Install all available updates, especially security patches
  4. Pay special attention to updates mentioning "Print Spooler" or printing vulnerabilities
  5. Restart if prompted

Microsoft has released multiple patches for print-related exploits. Keeping Windows updated closes these holes.

⚠️If Nothing Worked

If you suspect your printer is already compromised (printing random documents, network traffic from the printer to suspicious IPs, or changed settings you didn't modify), you need to take immediate action. Disconnect the printer from the network, perform a full factory reset, update firmware to the latest version, change all credentials, and then reconnect it with all security measures in place. Scan all computers on your network with updated antivirus and anti-malware tools. Consider getting a professional security audit if you handle sensitive data—compromised printers in business environments can lead to serious data breaches.

đź“žWhen to Call a Pro

Network printer security is complex, especially in business environments. If you're managing multiple printers, handling sensitive documents (medical, legal, financial), or have already experienced a security incident, professional help is essential. IT security professionals can conduct vulnerability assessments, implement network segmentation, configure enterprise-grade authentication systems, and set up monitoring to detect threats in real time. For businesses, this isn't optional—printer security is part of overall network security and compliance requirements. A compromised printer can violate HIPAA, GDPR, and other regulations, leading to serious penalties.

Need Professional Help?

If you're in the Tampa Bay area and need hands-on assistance, Geeks in Sneaks provides friendly, on-site tech support in Clearwater, Clearwater Beach, and Dunedin.

Schedule a Visit

Related Topics

securitymalwarenetworkfirmwarevulnerabilities

Need Professional Help?

If you're still having trouble, our expert technicians can help.

Learn about our printer support service