Security News

HP announced in a security bulletin this week that it would take up to 90 days to patch a critical-severity vulnerability that impacts the firmware of certain business-grade printers. The security issue is tracked as CVE-2023-1707 and it affects about 50 HP Enterprise LaserJet and HP LaserJet Managed Printers models.

According to the Quocirca Print Security Landscape 2022 report, printer security is still some way down the worry list of most IT decision makers behind hybrid application platforms, email, public networks, and traditional endpoints. "Printer security is about understanding the threats to the network traffic, to the device itself and to the documents it prints. Every security feature you'll find in secure printers will address one of these categories of risk," he adds before going on to list a range of printer security issues.

Lexmark has released a security firmware update to fix a severe vulnerability that could enable remote code execution on more than 100 printer models. "Lexmark is not aware of any malicious use against Lexmark products of the vulnerability described in this advisory, but proof of concept code has been publicly published" - Lexmark.

Microsoft is now blocking the Windows 11 22H2 update from being offered because of compatibility issues affecting Windows devices with printers using Microsoft IPP Class Driver or Universal Print Class Driver. "Windows needs connectivity to the printer to identify all the features of the printer. Without connectivity, the printer is set up with default settings and in some scenarios might not get updated once connectivity to the printer is restored," Microsoft explained.

Looking ahead to next week, we have a server end-of-life and still more updates that can impact printers. There have been several updates to KB5005408 throughout the year to help administrators identify and manage these non-compliant printers.

HP has published security advisories for three critical-severity vulnerabilities affecting hundreds of its LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models. The first security bulletin warns about a buffer overflow flaw that could lead to remote code execution on the affected machine.