Have you patched your printer?

by Graham Cluley on February 6, 2009 | Comments Off

Filed Under: Data loss

printer
HP has issued a security bulletin urging owners of certain LaserJet printers to apply a firmware update.

According to the company, the security vulnerability potentially allows hackers to gain unauthorised access to files stored on the printer via its web administration console.

This probably isn't the most serious vulnerability that the world has ever seen, but you can imagine that many IT departments will treat patching a printer as a very low priority compared to desktop computers and servers. The danger is that some companies will never find the resources to tackle the lower priority security issues, potentially leaving them in a risky state for the future.

This security bulletin also underlines the importance for all departments responsible for securing their companies against threats to maintain an eye on bulletins from not just operating systems vendors like Microsoft and Apple, and software companies like Adobe and Mozilla. A much broader view must be taken as to where vulnerabilities may be present, and what might be the security hole that brings your firm into difficult waters.

The affected printers are said to be the HP LaserJet 4345mfp, HP Color LaserJet 4730mfp, HP LaserJet 9040mfp, HP LaserJet 9050mfp, HP 9200C Digital Sender, HP Color LaserJet 9500mfp, HP LaserJet 2410, HP LaserJet 2420, HP LaserJet 2430, HP LaserJet 4250, HP LaserJet 4350, HP LaserJet 9040 and HP LaserJet 9050.

Tags: , ,

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.