HP has issued a security bulletin urging owners of certain LaserJet printers to apply a firmware update.
According to the company, the security vulnerability potentially allows hackers to gain unauthorised access to files stored on the printer via its web administration console.
This probably isn't the most serious vulnerability that the world has ever seen, but you can imagine that many IT departments will treat patching a printer as a very low priority compared to desktop computers and servers. The danger is that some companies will never find the resources to tackle the lower priority security issues, potentially leaving them in a risky state for the future.
This security bulletin also underlines the importance for all departments responsible for securing their companies against threats to maintain an eye on bulletins from not just operating systems vendors like Microsoft and Apple, and software companies like Adobe and Mozilla. A much broader view must be taken as to where vulnerabilities may be present, and what might be the security hole that brings your firm into difficult waters.
The affected printers are said to be the HP LaserJet 4345mfp, HP Color LaserJet 4730mfp, HP LaserJet 9040mfp, HP LaserJet 9050mfp, HP 9200C Digital Sender, HP Color LaserJet 9500mfp, HP LaserJet 2410, HP LaserJet 2420, HP LaserJet 2430, HP LaserJet 4250, HP LaserJet 4350, HP LaserJet 9040 and HP LaserJet 9050.