A security flaw in Lexmark leaves thousands of its printers vulnerable to attack

After a proof-of-concept (PoC) exploit for remote code execution (RCE) was released, Lexmark advised its customers to update the firmware on their printers.

This flaw, identified as CVE-2023-23560, may be used by attackers to gain access to print job queues, Wi-Fi network passwords, and other networked devices.

While Lexmark does not think this vulnerability is being extensively exploited, it did note in a security alert that pre-patch firmware puts more than 100 printer models at risk of compromise.

Different Lexmark Firmware Versions

All firmware versions 081.233 and below are susceptible to RCE attacks, whereas versions 081.234 and above have been patched. If the firmware release date is after January 18, 2022, it is safe to use.

Users can find the firmware version currently installed on their device in its settings, under “Reports”, then “Menu Setting Page”, then “Device Information”.

Lexmark’s driver download page is still the best place to get the latest firmware for impacted printers, and users may update their printers from Windows or Linux computers over USB or over the network, for example using the File Transfer Protocol (FTP).

If you’re unable to deploy the firmware update, you may still protect yourself against the attack by turning off the device’s web services, although this will prevent your device from connecting to the internet.

To disable “TCP 65002 (WSD Print Service),” users must first access the “Network/Ports” submenu, then the “TCP/IP” option, and finally the “TCP/IP Port Access” menu.
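The firmware threshold and the port mitigation described above can be checked across a printer inventory. This is an added example, not code from Lexmark or the original article; the CSV layout, the tolerated version prefix, the status names and the sample addresses are assumptions.

```python
import csv
import io
import re
import socket

PATCHED_FROM = (81, 234)  # article: 081.234 and above are patched
WSD_PORT = 65002          # "TCP 65002 (WSD Print Service)" in the article

def parse_firmware(version):
    """Return (major, minor) from a trailing NNN.NNN, e.g. '081.233'."""
    # A prefix such as 'ABCDE.081.233' is tolerated (assumed inventory format).
    m = re.search(r"(\d{3})\.(\d{3})\s*$", version)
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return int(m.group(1)), int(m.group(2))

def port_open(host, port=WSD_PORT, timeout=1.0):
    """True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(inventory_csv, probe=port_open):
    """Map each host to 'patched', 'exposed', 'mitigated' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["host"].strip()
        try:
            patched = parse_firmware(row["firmware"]) >= PATCHED_FROM
        except ValueError:
            results[host] = "unknown"    # unparseable version: check by hand
            continue
        if patched:
            results[host] = "patched"
        elif probe(host):
            results[host] = "exposed"    # old firmware, port 65002 reachable
        else:
            results[host] = "mitigated"  # port closed (or host offline)
    return results

# Constructed sample inventory using documentation addresses.
SAMPLE = """host,firmware
192.0.2.10,081.233
192.0.2.11,ABCDE.081.234
192.0.2.12,081.120
192.0.2.13,n/a
"""
```

Calling `audit()` on a real inventory export probes only the hosts whose firmware is below the patched version, so "mitigated" entries should still be confirmed on the device's “TCP/IP Port Access” menu.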

Any internet-capable equipment, whether it is a printer, phone, fridge, or anything else, may compromise network security and user identities, so it’s important to keep it up to date.

To lessen the likelihood of an RCE vulnerability being used to infiltrate a network, businesses and prosumers alike are encouraged to utilise unique, randomly generated passwords across all devices and store them in a centralised password manager. Plus, they wouldn’t need to bother with a wireless printer.