HP Printer Flaw Puts 150 Models at Risk—Install this Patch Right Now


HP printer owners should download the latest firmware to protect their devices from critical security flaws.

Researchers at F-Secure recently revealed severe vulnerabilities affecting roughly 150 HP printer models, including the HP Color LaserJet Enterprise, HP LaserJet Enterprise, HP PageWide, HP OfficeJet Enterprise Color, and HP ScanJet Enterprise 8500 FN1 Document Capture Workstation series.

Dubbed “Printing Shellz,” the flaw consists of two separate vulnerabilities that give attackers a way to steal your private data. The flaws exist in the printers’ communication board and font parser. When exploited, they let an attacker gain code execution rights to steal data from the printer or use the machine as a source for further attacks.

The more dangerous of the vulnerabilities, CVE-2021-39238 (CVSS score of 9.3), is a buffer overflow issue that’s wormable, meaning it can work its way into other vulnerable multi-function printers. Moreover, the flaw can be exploited remotely by luring a victim to a malicious website and delivering an exploit payload from the browser to the printer, a technique called cross-site printing.

Before you go Office Space on your HP, there is some reassuring news. A few months after F-Secure disclosed these flaws to HP in April, the tech company released patches to mitigate the risk. HP is now urging customers to visit the HP Software and Driver Downloads page and search for their specific printer model to install the patch. So far, there is no evidence of the vulnerabilities being exploited in the wild.

“Any organizations using affected devices should install the patches as soon as they’re available,” the researchers say. “While exploiting these issues is somewhat difficult, the public disclosure of these vulnerabilities will help threat actors know what to look for to attack vulnerable organizations.”

It’s also worth noting that the second issue, CVE-2021-39237 (CVSS score of 7.1), is caused by exposed ports, meaning physical access is required to carry out an attack. This could be done using a USB stick or by connecting to the printer’s Ethernet port. F-Secure recommends keeping the option to print from USB disabled.

We usually associate malware with laptops, desktops, and banking services, but printers are a frequent target for hackers. In 2017, researchers discovered a group of vulnerabilities in at least 20 network printer models made by well-known brands, HP being one of them. And earlier this year, Microsoft released an emergency patch for a critical bug called “PrintNightmare” that gave attackers access to install malicious code.

Let this be a reminder to always keep your devices up to date, because even the seemingly innocuous tech you have scattered around your home can play host to a cyber attack.

https://gizmodo.com/hp-printer-flaw-puts-150-models-at-risk-install-this-pa-1848136681