Cov kws tshawb fawb txog kev ruaj ntseg los ntawm F-Secure tau txheeb xyuas qhov muaj qhov tsis zoo (CVE-2021-39238) cuam tshuam ntau dua 150 HP LaserJet, LaserJet Tswj, PageWide thiab PageWide Tswj cov tshuab luam ntawv thiab MFPs. Qhov tsis txaus ntseeg tso cai rau koj ua rau muaj qhov tsis txaus nyob rau hauv font processor los ntawm kev xa ib daim ntawv tshwj xeeb tsim PDF rau kev luam ntawv thiab ua tiav koj cov cai ntawm qib firmware. Qhov teeb meem tau tshwm sim txij li xyoo 2013 thiab tau kho nyob rau hauv firmware hloov tshiab tshaj tawm rau lub Kaum Ib Hlis 1 (cov chaw tsim khoom tau ceeb toom txog qhov teeb meem hauv lub Plaub Hlis).
Kev tawm tsam tuaj yeem ua tiav ob qho tib si ntawm cov tshuab luam ntawv sib txuas hauv zos thiab hauv network luam ntawv tshuab. Piv txwv li, tus neeg tawm tsam tuaj yeem siv cov txheej txheem kev tsim vaj tsev sib raug zoo los yuam tus neeg siv los luam cov ntaub ntawv tsis zoo, tawm tsam lub tshuab luam ntawv los ntawm cov neeg siv uas twb muaj kev cuam tshuam lawm, lossis siv cov txheej txheem zoo ib yam li "DNS rebinding," uas tso cai, thaum tus neeg siv qhib qee yam. nplooj ntawv hauv qhov browser, xa HTTP thov mus rau lub tshuab luam ntawv qhov chaw nres nkoj network (9100 / TCP, JetDirect), tsis muaj rau kev nkag ncaj qha los ntawm Is Taws Nem.
Tom qab ua tiav kev ua tiav ntawm qhov tsis muaj peev xwm, lub tshuab luam ntawv tsis txaus siab tuaj yeem siv los ua lub caij nplooj ntoos hlav los tawm tsam ntawm lub network hauv zos, hnia cov tsheb khiav, lossis tawm ntawm qhov chaw zais cia rau cov neeg tawm tsam hauv zos. Qhov tsis zoo kuj tseem tsim nyog rau kev tsim cov botnets lossis tsim cov kab kab sib txuas uas luam theej duab lwm cov kab ke yooj yim thiab sim kis rau lawv. Txhawm rau txo qhov kev puas tsuaj los ntawm kev cuam tshuam ntawm lub tshuab luam ntawv, nws raug nquahu kom tso cov tshuab luam ntawv network nyob rau hauv ib qho VLAN cais, txwv tsis pub lub firewall los ntawm kev tsim cov kev sib txuas ntawm cov tshuab luam ntawv tawm, thiab siv cov tshuab luam ntawv sib cais nruab nrab ntawm cov tshuab luam ntawv ncaj qha los ntawm cov chaw ua haujlwm.
Cov kws tshawb fawb kuj tau txheeb xyuas lwm qhov tsis zoo (CVE-2021-39237) hauv HP tshuab luam ntawv, uas ua rau nws muaj peev xwm nkag mus rau tag nrho cov cuab yeej. Tsis zoo li thawj qhov tsis zoo, qhov teeb meem tau muab rau ib qho kev txaus ntshai, vim tias qhov kev tawm tsam yuav tsum tau nkag mus rau lub tshuab luam ntawv (koj yuav tsum txuas mus rau UART chaw nres nkoj li 5 feeb).
Tau qhov twg los: opennet.ru