HP reported online Friday the new firmware for its LaserJet laser printers. This update has limited the scope of a major discovery vulnerability late November.
The American HP announced Friday the launch of new firmwares for the LaserJet family of network printers. The update is recommended for all: it intervenes in effect following the discovery in late November, a major vulnerability that could allow remote printer control.
“HP has developed an update to mitigate the problem and actively communicating with its customers and partners , “the manufacturer, who do not speak of a pure and simple correction, and does not specify the exact scope of the patch. It also reaffirms that no customer has manifested to report having been the victim of an intrusion made possible by the vulnerability, and recalls that it is wiser to place his printer behind a firewall.
It also suggests off on the affected models, the automatic update of the firmware. Indeed, it is through this that the vulnerability could be exploited. When the function is active, the printer checks regularly if indeed an update available. Now, according to the researchers who discovered the flaw, these updates are not protected by a signature or a certificate: it would be possible to distribute a modified file to fool the printer and corrupt the integrity .
In early December, a US court has attacked HP following the discovery of this vulnerability. The update isdistributed via the HP support site (select the country, then the printer model you want to access the download).