Security Experts:

HP Issues Fix to Address Security Vulnerability in LaserJet Firmware

In late November, news surfaced that researchers from Columbia University had discovered vulnerabilities in upgradeable firmware in HP laser printers that could be compromised and modified by an attacker, enabling them to do anything from overheating the printer, to compromising a network, with some saying that the devices could even be set up in flames.

While HP responded saying the reports of devices being able to be set on fire remotely were “sensational and inaccurate,” it did acknowledge existence of a security vulnerability related to the firmware in some its LaserJet printers.

HP has now released a firmware update to mitigate this issue and is in the process of notifying customers and partners. The company repeated is earlier statement that “no customer has reported unauthorized access” and reiterated its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.

The firmware update can be found here and selecting Drivers.

Related Story: HP Printer Firmware Vulnerabilities: FUD or Fire?

Subscribe to the SecurityWeek Email Briefing
view counter