• Home
  • About
  • Contact us
Tech News, Magazine & Review WordPress Theme 2017
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
No Result
View All Result
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
Technovanguard — Be at the forefront of technology news
No Result
View All Result

HP Printer Flaw Puts 150 Models at Risk—Install this Patch Right Now

Justin Rowell by Justin Rowell
29.09.2022
Home Computing

Screenshot: F-Secure via Vimeo

HP printer owners should download the latest firmware to protect their devices from critical security flaws.

Researchers at F-Secure recently revealed serious vulnerabilities affecting approximately 150 HP printer models including HP Color LaserJet Enterprise, HP LaserJet Enterprise, HP PageWide, HP OfficeJet Enterprise Color, and HP ScanJet Enterprise 8500 FN1 Document Capture Workstation series.

Dubbed “Printing Shellz,” the flaw consists of two separate vulnerabilities that give attackers a way to steal your personal information. The flaw exists in the printers’ communication board and font parser. When exploited, an attacker can gain code execution rights to nab information from the printer or use the machine as a source for further attacks.

The more dangerous of the vulnerabilities, CVE-2021-39238 (CVSS score of 9.3), is a buffer overflow issue that’s wormable, meaning it can dig its way into other vulnerable multi-function printers. Moreover, the flaw can be executed remotely by luring a victim to a malicious website and delivering an exploit payload from the browser to the printer, a technique called cross-site printing.

Before you go Office Space on your HP, there is some reassuring news. A few months after F-Secure disclosed these flaws to HP in April, the tech company released patches to mitigate the risk. HP is now urging customers to go to the HP Software and Driver Downloads page and search for their specific printer model to install the patch. So far, there is no evidence of an exploitation of the vulnerabilities being carried out in the wild.

Save $59Apple AirPods

Turn up the volume

The latest AirPods 3 and Pro are on sale, but Apple's 2nd Generation AirPods—though getting older by the day—bring the heat with a 37% discount.

Buy AirPods 2 for $100 at Amazon

“Any organizations using affected devices should install the patches as soon as they’re available,” the researchers say. “While exploiting these issues is somewhat difficult, the public disclosure of these vulnerabilities will help threat actors know what to look for to attack vulnerable organizations.”

It’s also worth noting that the second issue, CVE-2021-39237 (CVSS score of 7.1), is caused by exposed ports, meaning physical access is required to carry out an attack. This can be done using a USB stick or by connecting to the printer’s Ethernet port. F-Secure recommends keeping the option to print from a USB disabled.

We typically associate malware with laptops, desktops, and banking services, but printers are a frequent target for hackers. In 2017, researchers discovered a group of vulnerabilities in at least 20 network printer models made by well-known brands, HP being one of them. And earlier this year, Microsoft released an emergency patch for a critical bug called “PrintNightmare” that gave attackers access to install malicious code.

Let this be a reminder to always keep your gadgets up-to-date because even the seemingly innocuous tech you have scattered around your house can play host to a cyber attack.


Next Post
Best Nintendo Switch accessories for 2021

Best Nintendo Switch accessories for 2021

Recommended.

How to Preserve Your Capital in a Tightened Regulatory Environment

How to Preserve Your Capital in a Tightened Regulatory Environment

01.02.2024
Tech Industry Faces Unprecedented Workforce Challenges as Layoffs Surpass 2022 Numbers

Tech Industry Faces Unprecedented Workforce Challenges as Layoffs Surpass 2022 Numbers

01.02.2024

Trending.

Google’s Financial Triumphs and Challenges: 100 Million Google One Subscribers, Cloud Profits, and Strategic Moves

Google’s Financial Triumphs and Challenges: 100 Million Google One Subscribers, Cloud Profits, and Strategic Moves

01.02.2024
Singtel Collaborates with Nvidia, Unveils Nxera for AI-Focused Datacenters Across Southeast Asia

Singtel Collaborates with Nvidia, Unveils Nxera for AI-Focused Datacenters Across Southeast Asia

01.02.2024
Technovanguard — Be at the forefront of technology news

Technovanguard - The latest news from the world of IT and modern technologies.

Categories

  • Computing
  • Entertainment
  • Gaming
  • Internet
  • Mobile
  • News
  • Science
  • Security
  • Services
  • Software
  • Space
  • Без рубрики

Tags

best bitcoin casino best bitcoin gambling site best crypto casino bitcoin gambling site btc casino FEATUREDNEWS linkedin connection message linkedin connection request template linkedin connect message examples linkedin networking message template linkedin sales message Recommended top bitcoin casinos Trending

Recent News

Residential homes made of foam

Prejudice to Foam and Its Impact on People’s Lives

02.04.2025
The Strategic Сooperation Between Marketing and Procurement: Unlocking Efficiency in Business Growth

The Strategic Сooperation Between Marketing and Procurement: Unlocking Efficiency in Business Growth

18.10.2024
  • Home
  • About
  • Contact us

© 2021 technovanguard.com. Submit news release

No Result
View All Result
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space

© 2021 technovanguard.com. Submit news release