HP LaserJet Firmware Update Mitigates Security Problems

Martin Brinkmann
Dec 26, 2011
Updated • Dec 18, 2014

HP has released firmware updates for some of its LaserJet printer models that aims to mitigate a security vulnerability discovered in November.

Researchers at Columbia University discovered that some HP LaserJet printers can be manipulated into accepting a modified firmware. The modified firmware can then be used to steal information, run network attacks or even cause physical damage to the printer.

The vulnerability can be exploited remotely if printers supporting the remote firmware update process are not properly protected by firewalls. Local attacks are another possibility.

Consult Researchers Find Security Vulnerability In Printers for additional information about the vulnerability.

A press release issued by HP on December 23 confirms the availability of firmware updates that mitigate the security vulnerability. HP LaserJet printer owners are asked to visit the HP Support website to download the firmware updates to their systems. Here they need to select Drivers & Software, enter the product name or number into the form and select the product from the listing to be taken to a page where they can download the latest printer firmware for that model.

HP is furthermore offering security guidance for imaging and printing on this web page.

The press release provides no details on the changes made by HP or on the printer models firmware updates have been released for. HP stated however that the company is communicating the availability of firmware updates "proactively to customers and partners". It is however not clear at the time of writing how update news are communicated to HP's customer base. The HP website for one is not listing the firmware update on the main page, nor on the support start page.

No customer of affected printers has reported unauthorized access to HP, according to the press release.

HP LaserJet users should seek out the HP Support page to find out if a firmware update is available for their printer. The firmware should be installed as soon as possible to protect the printer from the vulnerability.


Previous Post: «
Next Post: «


  1. Pozycjonowanie Kielce said on February 17, 2012 at 2:20 pm

    Thank you for the auspicious writeup. It in fact was a amusement account it. Look advanced to more added agreeable from you! However, how can we communicate?

  2. rahul said on February 3, 2012 at 5:07 am

    i am stuck with my printer’s bad ink performance, any suggestions for gud printer

  3. Carla said on December 29, 2011 at 2:24 pm

    I received a promp to download this software on Dec 27th 2011. I did so. One was HPU software utility, the other was the “critical update to correct a PC to Printer Communication Issue.” The 2nd item was still “installing” after an hour and seemed hung. I cxlld the install, but my printer and PC which previously worked had stopped communicating. I restarted my computer and got….the blank “HP screen.” Windows XP would not start. Finally a friend helped me restart but I had to disconnect both printers to do so. Also an awful noise was emitted from my tower. Anyone experience this problem?

  4. ilev said on December 27, 2011 at 9:22 am

    Remember that HP, at first, denied that such a vulnerability exists ?

    HP Refutes Inaccurate Claims; Clarifies on Printer Security

    HP today issued the following statement:

    Today there has been sensational and inaccurate reporting regarding a potential security vulnerability with some HP LaserJet printers. No customer has reported unauthorized access. Speculation regarding potential for devices to catch fire due to a firmware change is false.

    HP LaserJet printers have a hardware element called a “thermal breaker” that is designed to prevent the fuser from overheating or causing a fire. It cannot be overcome by a firmware change or this proposed vulnerability…..


    1. Martin Brinkmann said on December 27, 2011 at 10:54 am

      Begs to question why they had to release a firmware update then.

      1. ilev said on December 27, 2011 at 7:21 pm

        Later HP has acknowledged that there are security risks in HP’s laser printers :-)

        On Nov. 29, HP announced that the potential existed for a
        certain type of unauthorized access to some HP LaserJet
        printers and confirmed it has received no customer reports
        of unauthorized access.

  5. velociraptor said on December 26, 2011 at 10:03 pm

    HP is the Wworst Manufacturer in the world , Please stay away

  6. Jojo said on December 26, 2011 at 9:25 pm

    Was HP the ONLY printer manufacturer with this exposure?

  7. DanTe said on December 26, 2011 at 9:25 pm

    Thanks for the update. Since I don’t register my products for spam, I don’t know about these things until some news site reports it. Thanks again.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.