Many networked Hewlett Packard (HP) printers on campus have not had their firmware updated to counteract a serious security vulnerability that could allow a remote attacker to snoop on, and take control of, unpatched network printers. Many of NAU’s network-attached printers have also never had an administrative password set.
ITS is beginning a project to address these vulnerabilities. We will be cataloging all the network printing devices on campus and checking each one to assure that they have up-to-date firmware, that the Remote Firmware Update feature is disabled and that they have an administrator password set.
You can assist by working with your departmental IT Staff to update and secure the network printers in your own area. If, during the ITS sweep of the campus, we find a printer with up-to-date firmware and an administrative password already set by you, we won’t touch it.
HP’s page on the firmware security vulnerability includes a table of printer models along with links to the updated firmware and instructions on disabling remote firmware updates.
If you would like further information regarding this initiative, please contact Harper Johnson, ITS Director of Security, at 523-7225.