Fusecure discovered vulnerabilities that affect more than 150 HP printers multifunction devices, and cautioned
F-Secure (Headquarters: Helsinki, Finnish, CEO: JUHANI HINTIKKA, Japan Corporation: Minato-ku, Tokyo, Fusecure) is Hewlett Packard (HP). We discovered that vulnerabilities for more than 150 models of multifunctional printers (MFP) products and the results of their surveys were announced. The attacker can exploit this vulnerabilities, deprive the vulnerable device control, steal information, and also invade the network to cause more damage. Based on the provision of information from Fusecure, HP provided a patch to fix these vulnerabilities. Timo HIRVONEN (Timo Hilvonen) and Alexander Bolshev (Alexander Bolchev), a security consultant of Fusecure, are the vulnerable to the MFP M725Z, the multifunctional printer of the HP's FutureSmart series. -2021-39237) and font analysis vulnerabilities (CVE-2021-39238) were found. HP's public security advertisery has more than 150 types of products affected by this vulnerabilities. The most effective way to exploit these vulnerabilities effectively is to deceive the target company's users by fishing, access a malicious website, and use the vulnerable MFP used by the company. It is to expose to the attack called. When the user accesses this site, it automatically prints a document, which contains malicious fonts, with vulnerabilities remotely printing, and gives the attacker the MFP code execution right. Attackers with these code execution can secretly steal any information that is executed (or cached) through MFP. This includes not only printed / scan / faxed documents, but also information for connecting MFP to other networks, such as passwords and login information. Attackers may also invade the company's network deeper for other purposes, such as the infringed MFP as a foothold, the stealing and changing of other data, the spread of ransomware, etc. for other purposes. Fusecure's researchers are very difficult to abuse this vulnerabilities, and it is difficult for attackers who only have low -level skills to abuse, but they have experienced and high skills. I believe that an attacker can use it for targeted attacks. Furthermore, it has been found that the vulnerability of this font analysis can be wornized. In other words, the attacker can automatically expose the vulnerability MFP to danger and create a self -growth malware that spreads to other vulnerable MFPs on the same network. "We tend to forget that recent MFP is a computer with a complete function that can violate attackers, like other workstations and endpoints, and as in other endpoints. In addition, the attacker can damage corporate infrastructure and operations using the infringed device. If you are an experienced cyber criminal, it is considered "unprotected device = a great chance." increase. Therefore, companies that do not recognize that MFP protection is as important as normal endpoint protection may be exposed to attacks reported in this survey. Hirvonen explains.
MFPを保護するためのアドバイス:HPはMFPのリーディングカンパニーであり、ハードウェア周辺機器市場の40%を占めていると言われており*1、世界中の多くの企業が今回脆弱性が発見されたモデルのMFPを使用している可能性があります。 HirvonenとBolshevは、本年春に発見した内容をHPに通知し、脆弱性修正のためのサポートを提供しました。現在、HPは脆弱性の影響を受けたモデルのファームウェア・アップデートとセキュリティ・アドバイザリーを公開しています。この脆弱性を突く攻撃は難易度が高いため、攻撃者の多くにとっては現実的ではありませんが、高度な攻撃の標的となっている企業にとっては、脆弱なMFPを安全に保護することが重要であると、エフセキュアのリサーチャーたちは述べています。MFPの安全性を確保するうえで、パッチを当てる以外の対策には以下のようなものがあります:HIRVONEN concludes the measures that companies should take as follows:
"Companies that can be the target of attackers with advanced technology and abundant resources, such as large companies and companies in important fields, need to take such a serious situation. You do not need to panic immediately.In order to prepare for such an attack, it is necessary to evaluate what kind of threats they are being exposed. This attack is advanced, but network segmentation, patch management, security hardening.It is possible to reduce it by basic measures such as. "
For details on this research, you can see it on the following page.
https: // blog.f-secure.com/ja/printing-shellz/(Japanese)
https: // labs.f-secure.Com/Publications/Printing-shellz (English)*1 https: // www.IDC.COM/Promo/Hardcopy-peripherals Effseecure Prespress Page:
https: // www.f-secure.com/jp-ja/pressエフセキュアについてエフセキュアほど現実世界のサイバー脅威についての知見を持つ企業は市場に存在しません。数百名にのぼる業界で最も優れたセキュリティコンサルタント、何百万台ものデバイスに搭載された数多くの受賞歴を誇るソフトウェア、進化し続ける革新的なセキュリティ対策に関するAIテクノロジー、そして「検知と対応」。これらの橋渡しをするのがエフセキュアです。当社は、大手銀行機関、航空会社、そして世界中の多くのエンタープライズから、「世界で最も強力な脅威に打ち勝つ」という私たちのコミットメントに対する信頼を勝ち取っています。グローバルなトップクラスのチャネルパートナー、200社以上のサービスプロバイダーにより構成されるネットワークと共にエンタープライズクラスのサイバーセキュリティを提供すること、それがエフセキュアの使命です。
エフセキュアは本社をフィンランド・ヘルシンキに、日本法人であるエフセキュア株式会社を東京都港区に置いています。また、NASDAQ ヘルシンキに上場しています。詳細はhttps: // www.f-secure.com/en/welcome (英語) および https: // www.f-secure.Please see com/ ja_jp/ (Japanese).In addition, information is also distributed on Twitter @fsecureblog.
