{"id":69,"date":"2009-02-09T14:13:47","date_gmt":"2009-02-09T20:13:47","guid":{"rendered":"http:\/\/www.digitallachance.com\/blog\/?p=69"},"modified":"2009-02-09T14:13:47","modified_gmt":"2009-02-09T20:13:47","slug":"time-to-patch-your-printers","status":"publish","type":"post","link":"http:\/\/digitallachance.com\/blog\/2009\/02\/time-to-patch-your-printers\/","title":{"rendered":"Time to patch your printers"},"content":{"rendered":"<p>This might surprise some, but printers need patching too.\u00a0 The rule of thumb you should use is<em> if it has an IP address, then it can be vulnerable and will most likely require a patch at some point in time.<\/em><\/p>\n<p>SANS handler&#8217;s diary has just published such a story &#8211; <a href=\"http:\/\/isc.sans.org\/diary.html?storyid=5809\">Time to patch your HP printers<\/a>.\u00a0 The actual HP bulletin is <a title=\"HP Web Jetadmin Software - HPSBPI02398 SSRT080166 rev.1 - Certain HP LaserJet Printers, HP Color LaserJet Printers, and   HP Digital Senders, Remote Unauthorized Access to Files - c01623905 - HP Business Support Center\" href=\"http:\/\/h20000.www2.hp.com\/bizsupport\/TechSupport\/Document.jsp?objectID=c01623905\" target=\"_blank\">here<\/a>.\u00a0 Looks like PC Advisor also <a title=\"HP printer owners exposed by web hack\" href=\"http:\/\/www.pcadvisor.co.uk\/news\/index.cfm?NewsID=110590\" target=\"_blank\">picked up the story<\/a>.<\/p>\n<p>The easiest way to do the firmware upgrade is to use HP&#8217;s <a title=\"HP Web Jetadmin software - overview and features\" href=\"http:\/\/h20338.www2.hp.com\/Hpsub\/cache\/332262-0-0-225-121.html\" target=\"_blank\">Web Jetadmin<\/a>.\u00a0 Using Web Jetadmin, you can discover all your printers on your LAN and remotely do firmware upgrades.<\/p>\n<p>Although this vulnerability only allows the bad guys to access any files on the printer (and therefore view previously printed documents), I can foresee printers being used as a staging point for more serious 
things.\u00a0 The reason is that printers have not received the same amount of scrutiny that workstations\/servers have and most likely are softer targets.\u00a0 As well, printers do not run anti-virus or other kinds of defensive software.\u00a0 So what should you do?\u00a0 Here are a few things that will harden your printers:<\/p>\n<ol>\n<li>Use a central management console like Web Jetadmin.\u00a0 This will allow you to discover any new printers added and to easily deploy the latest firmware.<\/li>\n<li>Keep up with the firmware releases.\u00a0 This is probably a difficult one to do, especially if you use printers from a number of vendors.\u00a0 You should at least do a round of patching once a year.<\/li>\n<li>Scan your printers for vulnerabilities.\u00a0 Make sure to use a tool that can differentiate between a printer device and a workstation.\u00a0 If it doesn&#8217;t, scanning can lead to lockups and rebooting of your printers.\u00a0 Not so good if it&#8217;s in the middle of printing a big color job by your boss.\u00a0 Nessus scanner is one such scanner.\u00a0 Be warned that scanning your printer will probably cause it to print a few pages.<\/li>\n<\/ol>\n<p>If anyone else has anything else that they do to harden their printers, please use the comments below.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>HP revealed a new vulnerability: a directory traversal issue in the web admin interface allows a remote user to view files on the printers.  Should you start including printers in your patching policies?  
Here are some things you should do to protect yourself.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[11],"tags":[28,30,39,43],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v15.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Time to patch your printers - IT A Digital Life<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/digitallachance.com\/blog\/2009\/02\/time-to-patch-your-printers\/\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\">\n\t<meta name=\"twitter:data1\" content=\"2 minutes\">\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/digitallachance.com\/blog\/#website\",\"url\":\"https:\/\/digitallachance.com\/blog\/\",\"name\":\"IT A Digital Life\",\"description\":\"All things digital\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/digitallachance.com\/blog\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/digitallachance.com\/blog\/2009\/02\/time-to-patch-your-printers\/#webpage\",\"url\":\"https:\/\/digitallachance.com\/blog\/2009\/02\/time-to-patch-your-printers\/\",\"name\":\"Time to patch your printers - IT A Digital 
Life\",\"isPartOf\":{\"@id\":\"https:\/\/digitallachance.com\/blog\/#website\"},\"datePublished\":\"2009-02-09T20:13:47+00:00\",\"dateModified\":\"2009-02-09T20:13:47+00:00\",\"author\":{\"@id\":\"https:\/\/digitallachance.com\/blog\/#\/schema\/person\/8a2f0b2a18af80d71541deadfac4d02f\"},\"breadcrumb\":{\"@id\":\"https:\/\/digitallachance.com\/blog\/2009\/02\/time-to-patch-your-printers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/digitallachance.com\/blog\/2009\/02\/time-to-patch-your-printers\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/digitallachance.com\/blog\/2009\/02\/time-to-patch-your-printers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"item\":{\"@type\":\"WebPage\",\"@id\":\"https:\/\/digitallachance.com\/blog\/2009\/02\/time-to-patch-your-printers\/\",\"url\":\"https:\/\/digitallachance.com\/blog\/2009\/02\/time-to-patch-your-printers\/\",\"name\":\"Time to patch your printers\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/digitallachance.com\/blog\/#\/schema\/person\/8a2f0b2a18af80d71541deadfac4d02f\",\"name\":\"Francois\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/digitallachance.com\/blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"http:\/\/0.gravatar.com\/avatar\/ce2ee0649f3fb6a643ffff9a9f1e63e4?s=96&d=mm&r=g\",\"caption\":\"Francois\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/posts\/69"}],"collection":[{"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/comments?post=69"}],"version-history":[{"count":0,"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/posts\/69\/revisions"}],"wp:attachment":[{"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/media?parent=69"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/categories?post=69"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/digitallachance.com\/blog\/wp-json\/wp\/v2\/tags?post=69"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}