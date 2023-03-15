

The printer manufacturer Lexmark has released an update to fix several critical vulnerabilities in the printer firmware. Normally one would advise users to update quickly, but as it is said, third-party toners will be deactivated with the update.





This could now become a problem for many users. According to the report of Online magazine Drucker Channel the third-party exclusion is explicitly mentioned. Lexmark has made the change available with a new firmware update for a number of models to close known security vulnerabilities.

The company informs users that they are patching four security holes. Two vulnerabilities were classified as critical, the other two as “high”. The vulnerabilities could lead attackers to remote code execution and privilege escalation, among other things. Therefore, quick updates would be advisable.

Third Party Disclaimer Notice

But according to Drucker Channel, there is another note in the release notes this time that makes Lexmark users sit up and take notice: “Firmware updates can cause (…) counterfeit and/or unauthorized products, accessories, consumables (.. .) can no longer be used.” The updates have been delivered since March 10th. So it may well be that Lexmark owners have already received the updates automatically.

More details on the vulnerabilities are available in a Security Warning by Lexmark. The vulnerabilities are listed under the names CVE-2023-26063, 26067, 26068 and 26069.

No sign of exploitation

The manufacturer points out in its advisory that the bugs could be exploited, among other things, to execute arbitrary code on the device, which could have far-reaching effects on a compromised network.

However, Lexmark has not yet published any indications that the vulnerabilities are not currently being actively exploited. The published security advisory lists more than 100 printer models that are affected by the vulnerability if they are running a vulnerable firmware version. Users are advised to check the firmware status and update it if necessary.

Firmware check

To determine what firmware your device is running, navigate to Settings/ Reports/ Menu Settings Page and check the version listed in the Device Information section.

Further information on the affected models and links to the updated firmware versions can be found on the Manufacturer’s website.

