Regarding your second question, AFAIK it works in this manner: Printers require drivers to be installed on each system to tell the applications how to print. The drivers have direct access to the kernel of the system. There are group policies which businesses can use to restrict access to only named print servers, but many businesses will just enable any domain-related device to be a print server.
Not too hard (especially with physical access to a PC) to install and share some printers. These could be malicious drivers which, if someone connects to your shared printer, you've got code to interact with the kernel of their system - basically you could take ownership of it.
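
To check which of the two situations described above a client is in, the Point and Print Restrictions policy values can be audited. This is an added example, not part of the original answer; it assumes the policy is stored under the standard `PointAndPrint` policy key, and the sample data at the end is constructed.

```powershell
# Added example: audit Point and Print Restrictions on a Windows client.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$ValueNames = 'TrustedServers', 'ServerList', 'InForest',
              'NoWarningNoElevationOnInstall', 'UpdatePromptSettings'

function Get-PointAndPrintPolicy {
    # Reads the policy values into a hashtable; empty if the key is absent.
    $values = @{}
    if (Test-Path $PolicyKey) {
        $props = Get-ItemProperty -Path $PolicyKey
        foreach ($name in $ValueNames) {
            if ($null -ne $props.$name) { $values[$name] = $props.$name }
        }
    }
    return $values
}

function Test-PointAndPrintPolicy {
    # Takes a hashtable of policy values and returns a list of findings.
    param([hashtable]$Policy)
    $findings = @()
    # ServerList is a semicolon-separated list of approved print servers.
    $servers = @("$($Policy['ServerList'])" -split ';' | Where-Object { $_.Trim() })
    if ($Policy['TrustedServers'] -ne 1 -or $servers.Count -eq 0) {
        $findings += 'No named print server list is enforced'
        if ($Policy['InForest'] -eq 1) {
            $findings += 'Any machine in the forest is accepted as a print server'
        }
    }
    # Non-zero values suppress the warning/elevation prompt for drivers.
    if ([int]$Policy['NoWarningNoElevationOnInstall'] -ne 0) {
        $findings += 'Driver install for a new connection is not gated by elevation'
    }
    if ([int]$Policy['UpdatePromptSettings'] -ne 0) {
        $findings += 'Driver update for an existing connection is not gated by elevation'
    }
    return $findings
}

# Constructed sample: forest-wide trust, prompts suppressed on install.
$sample = @{ TrustedServers = 0; InForest = 1; NoWarningNoElevationOnInstall = 1 }
Test-PointAndPrintPolicy -Policy $sample

# On a live Windows client, audit the real policy instead:
# Test-PointAndPrintPolicy -Policy (Get-PointAndPrintPolicy)
```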