• Home
  • About
  • Contact us
Tech News, Magazine & Review WordPress Theme 2017
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
No Result
View All Result
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
Technovanguard — Be at the forefront of technology news
No Result
View All Result

HP Printer Flaw Puts 150 Models at Risk—Install this Patch Right Now

Justin Rowell by Justin Rowell
29.09.2022
Home Computing

Screenshot: F-Secure via Vimeo

HP printer owners should download the latest firmware to protect their devices from critical security flaws.

Researchers at F-Secure recently revealed serious vulnerabilities affecting approximately 150 HP printer models including HP Color LaserJet Enterprise, HP LaserJet Enterprise, HP PageWide, HP OfficeJet Enterprise Color, and HP ScanJet Enterprise 8500 FN1 Document Capture Workstation series.

Dubbed “Printing Shellz,” the flaw consists of two separate vulnerabilities that give attackers a way to steal your personal information. The flaw exists in the printers’ communication board and font parser. When exploited, an attacker can gain code execution rights to nab information from the printer or use the machine as a source for further attacks.

The more dangerous of the vulnerabilities, CVE-2021-39238 (CVSS score of 9.3), is a buffer overflow issue that’s wormable, meaning it can dig its way into other vulnerable multi-function printers. Moreover, the flaw can be executed remotely by luring a victim to a malicious website and delivering an exploit payload from the browser to the printer, a technique called cross-site printing.

Before you go Office Space on your HP, there is some reassuring news. A few months after F-Secure disclosed these flaws to HP in April, the tech company released patches to mitigate the risk. HP is now urging customers to go to the HP Software and Driver Downloads page and search for their specific printer model to install the patch. So far, there is no evidence of an exploitation of the vulnerabilities being carried out in the wild.

Save $59Apple AirPods

Turn up the volume

The latest AirPods 3 and Pro are on sale, but Apple's 2nd Generation AirPods—though getting older by the day—bring the heat with a 37% discount.

Buy AirPods 2 for $100 at Amazon

“Any organizations using affected devices should install the patches as soon as they’re available,” the researchers say. “While exploiting these issues is somewhat difficult, the public disclosure of these vulnerabilities will help threat actors know what to look for to attack vulnerable organizations.”

It’s also worth noting that the second issue, CVE-2021-39237 (CVSS score of 7.1), is caused by exposed ports, meaning physical access is required to carry out an attack. This can be done using a USB stick or by connecting to the printer’s Ethernet port. F-Secure recommends keeping the option to print from a USB disabled.

We typically associate malware with laptops, desktops, and banking services, but printers are a frequent target for hackers. In 2017, researchers discovered a group of vulnerabilities in at least 20 network printer models made by well-known brands, HP being one of them. And earlier this year, Microsoft released an emergency patch for a critical bug called “PrintNightmare” that gave attackers access to install malicious code.

Let this be a reminder to always keep your gadgets up-to-date because even the seemingly innocuous tech you have scattered around your house can play host to a cyber attack.


Next Post
Best Nintendo Switch accessories for 2021

Best Nintendo Switch accessories for 2021

Recommended.

How Do We Know What Neanderthals Looked Like?

How Do We Know What Neanderthals Looked Like?

29.09.2022
Quantinuum Announces Quantum Volume 4096 Achievement

Quantinuum Announces Quantum Volume 4096 Achievement

29.09.2022

Trending.

Netflix’s vampire movie Day Shift adds real bite to a classic action throwback

Netflix’s vampire movie Day Shift adds real bite to a classic action throwback

30.03.2023
Staying Ahead of the Game: The Top 10 Most Popular Websites for IT and Modern Technology

Staying Ahead of the Game: The Top 10 Most Popular Websites for IT and Modern Technology

30.01.2023
Travel Business and Content Marketing: A Match Made in Heaven

Travel Business and Content Marketing: A Match Made in Heaven

07.02.2023
Join MDM for a holiday happy hour in Austin on December 16th

Join MDM for a holiday happy hour in Austin on December 16th

29.09.2022
The creator of Celebrity Deathmatch looks back at the versus show’s weirdest highlights

The creator of Celebrity Deathmatch looks back at the versus show’s weirdest highlights

29.09.2022
Technovanguard — Be at the forefront of technology news

Technovanguard - The latest news from the world of IT and modern technologies.

Categories

  • Computing
  • Entertainment
  • Gaming
  • Internet
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
  • Без рубрики

Tags

best bitcoin casino best bitcoin gambling site best crypto casino bitcoin gambling site btc casino FEATUREDNEWS linkedin connection message linkedin connection request template linkedin connect message examples linkedin networking message template linkedin sales message top bitcoin casinos

Recent News

Ukrainian Soldier on Prosthesis to Participate in 2023 TCS London Marathon

Ukrainian Soldier on Prosthesis to Participate in 2023 TCS London Marathon

28.03.2023
Talents on AI: Kyiv to Host Three-Day Hackathon Connecting Developers and Sponsors in May 2023

Talents on AI: Kyiv to Host Three-Day Hackathon Connecting Developers and Sponsors in May 2023

07.03.2023
  • Home
  • About
  • Contact us

© 2021 technovanguard.com. Submit news release

No Result
View All Result
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space

© 2021 technovanguard.com. Submit news release