HP releases firmware "mitigation" for LaserJet vulnerability
We reported a while back that a security vulnerability had been discovered in some Hewlett-Packard LaserJet printers that could render them vulnerable to unauthorized access, although HP said there had been no real-world cases of such access occurring. The problem was that the software that enables updates over the Internet doesn't verify the authenticity of those updates, so an attacker could apply a malicious update. HP was even sued over this issue.
Now the company has release a new firmware version that it says will "mitigate" the issue - although it doesn't claim to be a full-blown fix. HP recommends that you still take steps such as placing the printers behind firewalls and disabling remote firmware uploads to prevent an attack using this exploit.
Read more:
http://news.cnet.com/8301-1009_3-57347817-83/hp-fi...3-0-20