
Security researchers have discovered an HP printer driver vulnerability affecting millions of HP, Samsung, and Xerox devices. Tracked as CVE-2021-3438 and given a CVSS score of 8.8, the high-severity driver flaw could allow attackers to bypass security measures, install programs, delete data, and even create new accounts with elevated user rights. Luckily, HP has already released a security update that can be obtained here (hit “affected products” for a full list of affected printer models). Xerox has also uploaded a document that includes links to security patches designed to address CVE-2021-3438.


This high severity vulnerability, which has been present in HP, Samsung, and Xerox printer software since 2005, affects millions of devices and likely millions of users worldwide. Similar to previous vulnerabilities we have disclosed that remained hidden for 12 years, the impact this could have on users and enterprises that fail to patch is far-reaching and significant.

Source: SentinelLabs (via ThreatPost)


Join the Conversation

10 Comments

  1. I’m still not sure why we print so much in 2021. Printing seems largely unnecessary and wasteful to me. Most things can be done electronically now.


  2. [QUOTE=”Dan_D, post: 38329, member: 6″]
    I’m still not sure why we print so much in 2021. Printing seems largely unnecessary and wasteful to me. Most things can be done electronically now.
    [/QUOTE]

    Mostly shipping labels or work related stuff for me.

  3. [QUOTE=”Dan_D, post: 38329, member: 6″]
    I’m still not sure why we print so much in 2021. Printing seems largely unnecessary and wasteful to me. Most things can be done electronically now.
    [/QUOTE]

    I have two printers in the house, both networked laser printers. (HP LaserJet 2055dn, HP Color LaserJet MFP m277c6)

    Most of my use has been for work, for populating paper forms, and signing them.

    The technology does exist to do a lot of that electronically, but when you do – at least in regulated industries – you have to undergo very significant validation and testing activities to prove to your regulators that everything works the way it is supposed to, approvals are actually approvals, nothing can progress without the right people approving it, no one can sign for anyone else, etc. etc. etc.

    It’s a massive undertaking to get one of these systems up, and you can’t just buy something pre-validated, as you have to validate and test in your own environment. And when that environment changes, you need to do it again (or at least assess, and justify (in writing) that there was no impact, if you can.)

    Larger organizations usually have all the electronic signatures and everything tested and set up, but smaller ones often struggle to get there bit by bit validating systems as they are needed, and in the short term printing, signing (and in some cases scanning) everything.

  4. [QUOTE=”Zarathustra, post: 38365, member: 203″]
    I have two printers in the house, both networked laser printers. (HP LaserJet 2055dn, HP Color LaserJet MFP m277c6)

    Most of my use has been for work, for populating paper forms, and signing them.

    The technology does exist to do a lot of that electronically, but when you do – at least in regulated industries – you have to undergo very significant validation and testing activities to prove to your regulators that everything works the way it is supposed to, approvals are actually approvals, nothing can progress without the right people approving it, no one can sign for anyone else, etc. etc. etc.

    It’s a massive undertaking to get one of these systems up, and you can’t just buy something pre-validated, as you have to validate and test in your own environment. And when that environment changes, you need to do it again (or at least assess, and justify (in writing) that there was no impact, if you can.)

    Larger organizations usually have all the electronic signatures and everything tested and set up, but smaller ones often struggle to get there bit by bit validating systems as they are needed, and in the short term printing, signing (and in some cases scanning) everything.
    [/QUOTE]

    I’m aware. However, from a purely technological perspective we don’t need paper for hardly anything anymore, yet its use still persists.


  5. [QUOTE=”Dan_D, post: 38373, member: 6″]
    I’m aware. However, from a purely technological perspective we don’t need paper for hardly anything anymore, yet its use still persists.
    [/QUOTE]
    I am fond of paper vs a bidet. Or three shells.

  6. [QUOTE=”Dan_D, post: 38373, member: 6″]
    I’m aware. However, from a purely technological perspective we don’t need paper for hardly anything anymore, yet its use still persists.
    [/QUOTE]
    Good god man! What will people use for straws then?!

  7. [QUOTE=”Dogsofjune, post: 38381, member: 168″]
    Good god man! What will people use for straws then?!
    [/QUOTE]
    OMG F paper straws right in the paper straw hole

  8. [QUOTE=”Dan_D, post: 38373, member: 6″]
    I’m aware. However, from a purely technological perspective we don’t need paper for hardly anything anymore, yet its use still persists.
    [/QUOTE]

    Yeah, if I could just stop getting all this mail I would be a much happier person. Why we insist on paying a person to deliver pieces of paper in the internet age is beyond me.

    There seems to be some sort of thought process that if it arrives via mail it is evidence that the person has seen it. That’s certainly not the case for me. Things that arrive via mail go into a big pile. I’ll get around to opening and reading them…

    …some day.

  9. [QUOTE=”Zarathustra, post: 38411, member: 203″]
    Yeah, if I could just stop getting all this mail I would be a much happier person. Why we insist on paying a person to deliver pieces of paper in the internet age is beyond me.

    There seems to be some sort of thought process that if it arrives via mail it is evidence that the person has seen it. That’s certainly not the case for me. Things that arrive via mail go into a big pile. I’ll get around to opening and reading them…

    …some day.
    [/QUOTE]
    Sadly, that junk mail that we all hate is the only thing keeping the USPS afloat. I struggle with it: almost anything I get via USPS are things I don’t want – bills, junk mail, adverts, etc. So part of me just says let it die anyway. Nothing that arrives in the mail box sparks joy any longer.

    But thinking about it more – yeah we probably need it, at least until we do something like national email and universal internet access, or more likely, free cellular phones and access (at which point that will just become the new spam drop-off point). USPS mail is the one point of contact you can get, for “free”, pretty much anywhere in the United States (You do need a place of residence, which is problematic for the homeless, but that gets into an entirely different discussion).

    I abhor the fact that Amazon uses USPS for delivery for my Prime stuff here, it always arrives at least one day late. And lately, UPS has been dropping off smaller packages at USPS here rather than taking it last-mile to my house – again, delaying everything by at least a day.

    That said, for where I live, I suppose I should be grateful that I get delivery of anything, let alone it being a day or two late.

  10. [QUOTE=”Brian_B, post: 38414, member: 96″]
    Sadly, that junk mail that we all hate is the only thing keeping the USPS afloat. I struggle with it: almost anything I get via USPS are things I don’t want – bills, junk mail, adverts, etc. So part of me just says let it die anyway. Nothing that arrives in the mail box sparks joy any longer.

    But thinking about it more – yeah we probably need it, at least until we do something like national email and universal internet access, or more likely, free cellular phones and access (at which point that will just become the new spam drop-off point). USPS mail is the one point of contact you can get, for “free”, pretty much anywhere in the United States (You do need a place of residence, which is problematic for the homeless, but that gets into an entirely different discussion).

    I abhor the fact that Amazon uses USPS for delivery for my Prime stuff here, it always arrives at least one day late. And lately, UPS has been dropping off smaller packages at USPS here rather than taking it last-mile to my house – again, delaying everything by at least a day.

    That said, for where I live, I suppose I should be grateful that I get delivery of anything, let alone it being a day or two late.
    [/QUOTE]

    On somewhat of a tangent, I once started the process of trying to prevent the credit bureaus from sharing my personal information with banks for the purposes of marketing. I got to the point where they wanted me to send them a freaking “Certified letter” with my request at which point I rolled my eyes and never got around to finishing it.

    It’s obnoxious though. If I get an average of 2 offers of credit 6 days a week, that’s 624 pieces of mail a year that I need to waste time on properly shredding and disposing of, because they may contain information that I don’t want misused. It’s a total pain in the ass.

    The part of me that likes to see the humorous side of things has considered just physically removing my mailbox and seeing what happens. Maybe 100% of everything will be returned to sender? At least I can hope. I can’t remember the last time I received anything of value in the mail, that wasn’t just a colossal waste of my time.

    …and if the sole thing keeping USPS afloat these days is unsolicited paper-based mass advertising, maybe they SHOULD cease to exist. That’s literally the only way to force the alternatives into existence. No one does anything until they absolutely have to. If an announcement went out that the USPS would be shutting its doors permanently in 6 months time, watch the changes happen!
