Lexmark has urged its prospects to replace their printer’s firmware, following the publication of a proof-of-concept (PoC) exploit permitting distant code execution (RCE).

The exploit in query, designated CVE-2023-23560, can provide attackers entry to print job queues, reveal Wi-Fi community credentials, and permit entry to different gadgets on a community.

Lexmark wrote in a safety advisory (opens in new tab) that whereas it doesn’t imagine the exploit is being extensively used, greater than 100 printer fashions are vulnerable to compromise whereas working pre-patch firmware.

TechRadar Professional wants you! (opens in new tab)

We wish to construct a greater web site for our readers, and we want your assist! You are able to do your bit by filling out our survey (opens in new tab) and telling us your opinions and views in regards to the tech business in 2023. It is going to solely take a couple of minutes and all of your solutions will probably be nameless and confidential. Thanks once more for serving to us make TechRadar Professional even higher.

D. Athow, Managing Editor

 Lexmark firmware variations

Per BleepingComputer (opens in new tab), firmware variations throughout all gadgets numbered 081.233 and under are weak to RCE assaults, whereas fastened variations are numbered 081.234 or greater. Firmware variations launched on or after January 18, 2022 are thought-about secure. 

To retrieve their present firmware model, Lexmark customers can navigate to the “Machine Data” part positioned on the ‘Menu Setting Web page’ of the ‘Experiences’ part of their system settings.

New firmware for affected printers can, as ever, be obtained from Lexmark’s driver obtain portal (opens in new tab) and, relying on the working system of a person’s PC similar to Home windows or Linux, be put in both through USB or through community strategies such because the File Switch Protocol (FTP).

Those that, for no matter motive, can’t apply the firmware replace are suggested to disable the net providers characteristic, blocking the exploit albeit on the expense of the system’s internet-connected performance.

To do that, customers ought to navigate to the “Community/Ports” part of the settings menu, then the “TCP/IP” choice, adopted by the “TCP/IP Port Entry” menu, earlier than disabling “TCP 65002 (WSD Print Service)”.

Whether or not it’s a printer, a cellphone, a fridge, or the rest, gadgets able to being related to the web can pose a danger to community safety and the identities of customers, and must be up to date commonly.

Companies and prosumers alike are suggested to make use of separate, randomly generated passwords, saved in a password supervisor, throughout all their gadgets to lower the probabilities of attackers utilizing RCE exploits to invade a community. As well as, they may keep away from a wi-fi printer altogether.

•  Right here’s our record of the most effective small enterprise firewalls proper now