HP has released firmware updates for some of its LaserJet printer models that aims to mitigate a security vulnerability discovered in November.
Researchers at Columbia University discovered that some HP LaserJet printers can be manipulated into accepting a modified firmware. The modified firmware can then be used to steal information, run network attacks or even cause physical damage to the printer.
The vulnerability can be exploited remotely if printers supporting the remote firmware update process are not properly protected by firewalls. Local attacks are another possibility.
Consult Researchers Find Security Vulnerability In Printers for additional information about the vulnerability.
A press release issued by HP on December 23 confirms the availability of firmware updates that mitigate the security vulnerability. HP LaserJet printer owners are asked to visit the HP Support website to download the firmware updates to their systems. Here they need to select Drivers & Software, enter the product name or number into the form and select the product from the listing to be taken to a page where they can download the latest printer firmware for that model.
HP is furthermore offering security guidance for imaging and printing on this web page.
The press release provides no details on the changes made by HP or on the printer models firmware updates have been released for. HP stated however that the company is communicating the availability of firmware updates "proactively to customers and partners". It is however not clear at the time of writing how update news are communicated to HP's customer base. The HP website for one is not listing the firmware update on the main page, nor on the support start page.
No customer of affected printers has reported unauthorized access to HP, according to the press release.
HP LaserJet users should seek out the HP Support page to find out if a firmware update is available for their printer. The firmware should be installed as soon as possible to protect the printer from the vulnerability.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.