HP sends out LaserJet printer patch alert
Even printers are now vulnerable to hackers, as HP warns LaserJet owners over remote vulnerability.


HP has alerted owners of its LaserJet printers of a vulnerability that could lead to unauthorised access of files stored on those printers.
In its security bulletin, HP said 13 different models were affected by the flaw, and said owners should download and apply a firmware patch as soon as possible.
According to a listing on the Common Vulnerabilities and Exposures website, the problem is a "directory traversal vulnerability in the HP JetDirect web administration interface".
Printers are not often thought of as a security risk, but with many now featuring hard disks on which potentially sensitive data could be stored, it makes sense to ensure they are secure.
"Printers tend to be low on the priority list of systems or devices to be patched, this one will likely linger for years to come," said analyst Adrien de Beaupre of the Internet Storm Center.
"The impact might not seem severe, as in the attacker can view the printer configuration, however viewing cached versions of printed documents can be. Other than patching, disallowing access to the web admin interface is likely the only other mitigation."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Benny Har-Even is a twenty-year stalwart of technology journalism who is passionate about all areas of the industry, but telecoms and mobile and home entertainment are among his chief interests. He has written for many of the leading tech publications in the UK, such as PC Pro and Wired, and previously held the position of technology editor at ITPro before regularly contributing as a freelancer.
Known affectionately as a ‘geek’ to his friends, his passion has seen him land opportunities to speak about technology on BBC television broadcasts, as well as a number of speaking engagements at industry events.
-
Cleo attack victim list grows as Hertz confirms customer data stolen
News Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
By Ross Kelly
-
Lateral moves in tech: Why leaders should support employee mobility
In-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
By Keri Allan
-
Apple macOS Catalina will be incompatible with more than 200 apps
News The latest iteration of Apple's operating system omits a lot of popular programs for UK businesses
By Connor Jones
-
Blackberry Storm fixes on the way
News The much hyped, but much troubled touch-screen Blackberry Storm is to receive firmware update to cure bugs.
By Benny Har-Even
-
New iPhone firmware leads to huge security blunder
News The new iPhone update may have fixed some of the problems that users have been complaining about, but it has left a big security problem.
By Asavin Wattanajantra