Microsoft issued a patch (MS16-087) that shows the dangerous trade-off sometimes made between security and convenience. The attack relies on a protocol called Microsoft Web Point-and-Print, which the company incorporated into Windows to make it easy to connect to a printer. Vectra Networks found a bug in printer software that allowed them to insert malicious code into a driver. A printer driver is given a free pass: it’s not subject to User Account Control, or UAC, which warns users before installing new software.”]
Source: https://www.careersinfosecurity.com/blogs/ready-to-print-heres-malware-instead-p-2180