HP sends out LaserJet printer patch alert

HP printer

HP has alerted owners of its LaserJet printers of a vulnerability that could lead to unauthorised access of files stored on those printers.

In its security bulletin, HP said 13 different models were affected by the flaw, and said owners should download and apply a firmware patch as soon as possible.

According to a listing on the Common Vulnerabilities and Exposures website, the problem is a "directory traversal vulnerability in the HP JetDirect web administration interface".

Printers are not often thought of as a security risk, but with many now featuring hard disks on which potentially sensitive data could be stored, it makes sense to ensure they are secure.

"Printers tend to be low on the priority list of systems or devices to be patched, this one will likely linger for years to come," said analyst Adrien de Beaupre of the Internet Storm Center.

"The impact might not seem severe, as in the attacker can view the printer configuration, however viewing cached versions of printed documents can be. Other than patching, disallowing access to the web admin interface is likely the only other mitigation."

Benny Har-Even

Benny Har-Even is a twenty-year stalwart of technology journalism who is passionate about all areas of the industry, but telecoms and mobile and home entertainment are among his chief interests. He has written for many of the leading tech publications in the UK, such as PC Pro and Wired, and previously held the position of technology editor at ITPro before regularly contributing as a freelancer.

Known affectionately as a ‘geek’ to his friends, his passion has seen him land opportunities to speak about technology on BBC television broadcasts, as well as a number of speaking engagements at industry events.