This issue affects Net View enabled printers running Windows 7 and Windows 8.1, as well as Windows 10, when printing from a web browser. Net View does not require user interaction to be enabled, so all printers that are connected to a computer via USB and running vulnerable versions of Windows are at risk. When printing from a web browser, the affected printer will attempt to export the user's address book to the following URL: This can be used to access the current user's list of contacts, with information that includes usernames and email addresses. The following table shows the printer model and Windows version that is at risk. Windows Address Book Export URL Windows Address Book Export URL Windows Address Book Export URL Windows Address Book Export URL Windows 7 32-bit (SP1 and prior) https://[IP address of printer]/shared/addressbook/ Windows 7 64-bit (SP1 and prior) https://[IP address of printer]/shared/addressbook/ Windows 8.1 32-bit https://[IP address of printer]/shared/addressbook/ Windows 8.1 64-bit https://[IP address of printer]/shared/addressbook/ Windows 10 32-bit https://[IP address of printer]/shared/addressbook/ Windows 10 64-bit https://[IP address of printer]/shared/addressbook/
What you should do
The proper course of action is to remove all affected printers from the network and update affected printers to a non-vulnerable version. To do this, connect the printer via USB to another computer with a non-vulnerable operating system, such as Windows 7 or 8.1. From there, open Device Manager by right-clicking on Computer in the Start Menu, selecting Properties, and then clicking Device Manager. You should see the printer listed under Ports (COM & LPT). Right-click on the printer's port and select Uninstall Driver Software. Click OK in the dialog box that appears while uninstalling driver software and then restart your computer.
How to check if you are affected by CVE-2022-1026
If you are using a Net View enabled printer on any of the affected versions of Windows, this issue will cause the printer to export your address book information. To check if you are affected by CVE-2022-1026 follow these steps:
1. Open a web browser and type or paste http://[IP address of printer]/shared/addressbook. You will see a page that looks like this:
2. Look for an option that says "Export as vCard" and click on it. This will open a new page that contains the username and email addresses of every contact on your computer, including those in your address book:
3. If there is no option for Export as vCard, then you are not at risk for this issue
How to check if an affected printer is in use on your network?
The following methods can be used to check if an affected printer is in use on your network.
Method 1: Open Windows Explorer and open the printer's properties. The address book export URL will appear as a "link" under "Export settings".
Method 2: In the print options for the affected printer, open the Advanced tab and select "Export Address List". This will display the printer's address book export URL.
Net View Overview
Net View is a technology that allows users to print from a web browser without having to install any drivers. Net View provides access to printers by using the same mechanisms that are used with an IP address and Universal Plug and Play (UPnP). However, there are some security risks involved with this feature. The following table shows the potential vulnerabilities that can be exploited using Net View Export:
- User's list of contacts stolen
IDS and Net View
IDS, or intrusion detection systems, are used to detect attacks. Net View is a service that comes with Windows 7 and 8.1, for example, which is designed to help users manage their printer settings remotely. It does this by enabling printers to export all of the information stored on them - including usernames and email addresses - in plain text. The affected printer will attempt to export the user's address book to the following URL:
Timeline
Published on: 04/04/2022 15:15:00 UTC
Last modified on: 04/12/2022 17:20:00 UTC