1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Lexmark security bug leaves thousands of its printers open to att

    From TechnologyDaily@1337:1/100 to All on Fri Jan 27 16:45:03 2023
    Lexmark security bug leaves thousands of its printers open to attack

    Date:
    Fri, 27 Jan 2023 16:42:10 +0000

    Description:
    Vendor warns of proof of concept exploits and urges customers to update as soon as possible.

    FULL STORY ======================================================================

    Lexmark has urged its customers to update their printer s firmware, following the publication of a proof-of-concept (PoC) exploit allowing remote code execution (RCE).

    The exploit in question, designated CVE-2023-23560, can give attackers access to print job queues, reveal Wi-Fi network credentials, and allow access to other devices on a network.

    Lexmark wrote in a security advisory that while it doesnt believe the exploit is being widely used, more than 100 printer models are at risk of compromise while running pre- patch firmware. Lexmark firmware versions

    Per BleepingComputer , firmware versions across all devices numbered 081.233 and below are vulnerable to RCE attacks, while fixed versions are numbered 081.234 or higher. Firmware versions released on or after January 18, 2022
    are considered safe.

    To retrieve their current firmware version, Lexmark users can navigate to the Device Information section located on the Menu Setting Page of the Reports section of their device settings.

    New firmware for affected printers can, as ever, be obtained from Lexmarks driver download portal and, depending on the operating system of a users PC such as Windows or Linux , be installed either via USB or via network methods such as the File Transfer Protocol (FTP).

    Those who, for whatever reason, cant apply the firmware update are advised to disable the web services feature, blocking the exploit albeit at the expense of the device's internet-connected functionality.

    To do this, users should navigate to the Network/Ports section of the
    settings menu, then the TCP/IP option, followed by the TCP/IP Port Access menu, before disabling TCP 65002 (WSD Print Service). Read more

    Bitdefender wants to help secure your office printer


    Old printer not working with Windows 11? Try this


    Check out our list of the best workgroup printers right now

    Whether its a printer, a phone, a fridge, or anything else, devices capable
    of being connected to the internet can pose a risk to network security and
    the identities of users, and should be updated regularly.

    Businesses and prosumers alike are advised to use separate, randomly
    generated passwords , stored in a password manager , across all their devices to decrease the chances of attackers using RCE exploits to invade a network. In addition, they could avoid a wireless printer altogether. Heres our list
    of the best small business firewalls right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/lexmark-security-bug-leaves-thousands-of-its-pr inters-open-to-attack


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)