Published: October 21, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
Raise your hand if you’re among the millions using a printer for personal or business needs. Now, raise your hand again if you thought your printer would ever need a security patch. You’re likely among those who had no clue printers could even have a security flaw. Thanks to an inadvertent discovery by Sentinel Labs, a printer security bug they labeled as “high severity” was found in several brands of printers. Hard to believe, but it only took 16 years for this security bug to be found.
While installing a new printer, it was brought to their attention at Sentinel that something wasn’t right. That “something” was a flaw in the printer kernel driver software found in millions of HP, Samsung, and Xerox printers dating back to 2005. The kernel driver is the core component of an operating system and when it’s compromised, bad actors can exploit your system any way they choose. The flaw gives system-level privileges to hackers, a situation that no business – or individual, wants to happen.
Sentinel Labs says the flaw “affects over 380 different HP and Samsung printer modules as well as at least a dozen different Xerox products. Since all of these models are manufactured by HP, we reported the vulnerability to them.”
Patch Now, Not Later
It’s easy to wonder how important this update patch really is, after all, it’s existed for 16 years without incident – that anyone knows of. However, now that the flaw has been publicly exposed, you can bet hackers are already busy exploiting it. Like other software bugs, taking a few minutes to patch it can save untold hours of recovery from cyberattacks.
Eligible printer owners should go to the HP Customer Support site and input your printer model number. According to HP, the patches are labeled “Printer_CVE-2021-3438_update.exe” for the vulnerable products. Once you’ve found your printer model listed, follow the prompts to download and fix the flaw. Even if you’re not sure your printer model needs the patch, you should update the driver out of an abundance of caution.
Remember that popups that randomly appear when browsing, may not be legitimate. So, go directly to the manufacturer’s website to get the real ones.
It’s recommended not to wait to patch any flaw, since every moment wasted translates to opportunities for bad actors. And for a business owner, waiting can be even more consequential. If you find the patch isn’t yet available for your printer model, sign-up for an alert from HP when it’s ready. Waiting to fix a vulnerability is never a “best practice” option for individuals and companies alike.
PS. Your printer security patch is waiting…
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org