HP said in an email viewed by PCMag that no reports have been made of the affected printers being accessed through the vulnerability, but pointed owners of LaserJet-branded printers to a list of affected products and instructions for fixing the bug on its tech support site.
The company didn't offer a lot of details about the vulnerability, which makes it possible to remotely install unauthorized printer firmware on the affected LaserJet products "on a public Internet without a firewall, or for LaserJet devices in a private network, if a malicious effort is made by a party on the private network to modify the firmware of the device."
Some of the affected LaserJet products require a firmware update that implements code signing to verify that firmware updates are properly signed and not malicious, while other devices on the list do not appear to require this step.
All of the devices should have their Remote Firmware Update capability disabled, though for some LaserJet products, this appears to require yet another separate firmware update HP is providing that allows the function to be turned off.
LaserJet owners should probably check out HP's list of affected printers and security bulletin, and if the process of applying the fix proves too complicated, get HP tech support on the horn and/or email them at Hewlett-Packard@urgentsupport.americas.hp.com.
For the top stories in tech, follow us on Twitter at @PCMag.
