Hewlett-Packard acknowledged this week that software used to control two of its color printers could be exploited by attackers to remotely steal files from Windows PCs.
The bug, which Danish vulnerability tracker Secunia dubbed "less critical," affects the Toolbox software included with the Color LaserJet 2500 and Color LaserJet 4600. In its default configuration, the Toolbox -- which lets users remotely monitor the status of a connected printer -- could allow an attacker to hack into jacked-in computers, then read any file on the hard disk.
HP'sadvisory links to an update to the Toolbox that patches the bug.
"A vulnerability like this opens the door for hackers to spy on your sensitive information," said Graham Cluley, a senior technology consultant at U.K. security company Sophos. "Users running the affected software should upgrade as soon as possible."
Many of HP's business-class printers come with similar software -- which installs an HTTP server on the connected PC -- for remotely changing printer settings, receiving alerts (such as paper jams), and monitoring the amount of remaining toner.
|
Five Companies That Dropped The Ball This Week For the week ending Feb. 10, CRN looks at five companies that were either asleep at the wheel or just didn't make good decisions. |
|
Five Companies That Came To Win This Week For the week ending Feb. 10, CRN looks at five companies that brought their 'A' game and made moves to beat out competitors |
|
10 Challenges That HP Wants Partners To Tackle Right Now CRN speaks with HP's business unit chiefs to get a sense of where they'd like partners to focus in the coming year, as well as how CEO Meg Whitman is making a difference. |
 More
Slide Shows |
