Patches are not always available for critical flaws

I write a lot about patches being one of the most important steps in any cyber security plan – a quick search for “patches” on this site will show you how important they are.

However you also need more in your cyber security plan than simply software patching as vendors cannot always patch quickly enough to fix an exploited flaw. In that circumstance you need to be aware there is an issue with your systems and take whatever mitigation the vendor suggests to keep you secure whilst a patch is written, tested and distributed. Read about HP’s patching issues here:

HP to patch critical bug in LaserJet printers within 90 days (bleepingcomputer.com)

It looks like a wait for this patch and the risks are low but you should still check if this impacts your networked printers.

Do you have a LaserJet printer?

This article speaks about this being an enterprise level issue, however we have one of the affected printers in our SOHO set up here. So I have checked the settings on our printer.

I also took the opportunity to check for firmware updates.

Do you have a printer on the list?

When was the last time you ran a firmware update?

Turn off features you do not use!

A good step in printer security is to turn off all the extra features you do not use – for instance “internet printing”.

Patches and Updates

Over at Octagon they always recommend HP LaserJet printers to clients, as they have a versatile set of features, work well and are reliable (the printers that is, although I suppose it does apply to our support team as well). So the support team now have the job of checking if any of the printers they look after are impacted by this issue and they will check if our clients have printers they lease that are affected and take action over those as well.

Do you want to know more?

Clive Catton MSc (Cyber Security) – by-line and other articles

My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.