I write a lot about patches being one of the most important steps in any cyber security plan – a quick search for “patches” on this site will show you how important they are.
However you also need more in your cyber security plan than simply software patching as vendors cannot always patch quickly enough to fix an exploited flaw. In that circumstance you need to be aware there is an issue with your systems and take whatever mitigation the vendor suggests to keep you secure whilst a patch is written, tested and distributed. Read about HP’s patching issues here:
HP to patch critical bug in LaserJet printers within 90 days (bleepingcomputer.com)
It looks like a wait for this patch and the risks are low but you should still check if this impacts your networked printers.
Do you have a LaserJet printer?
This article speaks about this being an enterprise level issue, however we have one of the affected printers in our SOHO set up here. So I have checked the settings on our printer.
I also took the opportunity to check for firmware updates.
Do you have a printer on the list?
When was the last time you ran a firmware update?
Turn off features you do not use!
A good step in printer security is to turn off all the extra features you do not use – for instance “internet printing”.
Patches and Updates
Over at Octagon they always recommend HP LaserJet printers to clients, as they have a versatile set of features, work well and are reliable (the printers that is, although I suppose it does apply to our support team as well). So the support team now have the job of checking if any of the printers they look after are impacted by this issue and they will check if our clients have printers they lease that are affected and take action over those as well.
Clive Catton MSc (Cyber Security) – by-line and other articles
My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.