ssport.sys
Samsung-origin printer port driver (HP / Samsung / Xerox printer installers)
ssport.sys is a small port driver originally written by Samsung Electronics in 2005 and bundled with hundreds of HP, Samsung, and Xerox printer installers ever since. HP acquired Samsung's printer business in 2017, which is why the same driver continued to ship across all three brands. It is not a SteelSeries driver despite the 'ss' prefix; the SteelSeries Engine drivers are unrelated.
The driver loads at every Windows boot on any machine where the printer installer ever ran (including installs that the user cancelled mid-flow). In July 2021, SentinelLabs disclosed CVE-2021-3438, a buffer-overflow vulnerability in the driver that allowed local privilege escalation. SentinelLabs estimated hundreds of millions of machines were affected because the driver had been in distribution for sixteen years before disclosure. HP shipped a fix in May 2021 alongside coordinated disclosure.
The defensive lesson is straightforward: signed drivers from mainstream peripherals (printers, scanners, webcams) are a real living-off-the-land surface, and old installers leave residue long after the device is gone. If you find ssport.sys on a machine you do not use for printing, the leftover printer software can be removed; HP, Samsung, and Xerox have published their updates through Windows Update and their own utilities.
ssport.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “ssport.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/ssport-sys
