Table of contents
Collapse the table of content
Expand the table of content

V4 Printer Driver Security Considerations

Last Updated: 9/16/2016

In addition to the usual threats such as elevation of privilege, spoofed devices, or man in the middle attacks, v4 printer drivers also need to be compatible with low-rights applications like Internet Explorer 9.

XPS rendering filters and JavaScript files must all be hardened against all forms of untrusted data from applications, users, or data from across machine boundaries. Malformed PrintTickets, XPS documents, property bags, and even BidiResponses must be validated and parsed carefully and should never be used to store executable code. We recommend that partners use extensive fuzzed file testing to ensure graceful failure without compromising security integrity.

V4 Printer Driver Development Best Practices

Send comments about this topic to Microsoft

© 2017 Microsoft