HP Enterprise Printing Communication User Manual

HP Inc. 1501 Page Mill Road Palo Alto, CA 94304

HP.com

Security Advisory

HP Enterprise Printing Communication: Meltdown & Spectre CPU Vulnerabilities

Jan 17th , 2018

On January 3rd, 2018 Google’s Project Zero and academic institutions announced vulnerabilities in common CPU platforms. The vulnerabilities impact Intel x86 processors and certain AMD and ARM processors.

The Spectre and Meltdown vulnerabilities affect microprocessors utilizing speculative execution and indirect branch prediction. It may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

These vulnerabilities could allow a malicious process to read memory of other software processes. This would require installation of malicious code to perform a successful exploit.

The following security features mitigate loading untrusted or tampered code on HP devices:

o Digital signing of printer firmware and firmware updates o Digital signing of printer solutions code o HP SureStart and Secure Boot / ROM based code validation o Whitelisting and Code Integrity Validation o Runtime Intrusion Detection o Run-time Code Integrity that ensures Executable Memory is Write-Protected

For additional information on these security features see the References section

The following HP print devices use x86 and ARM processors that are susceptible to these vulnerabilities. One or more of the above security features mitigate loading untrusted or tampered code on these devices.

 HP LaserJet Enterprise printers and multifunction printers

 HP LaserJet Enterprise pre-FutureSmart printers and multifunction printers

 HP LaserJet Pro printers and multifunction printers

 HP PageWide Enterprise printers and multifunction printers

Version 1.3 Public

 HP PageWide Pro printers and multifunction printers

 HP LaserJet Managed multifunction printers

 HP PageWide Managed printers and multifunction printers

 HP Digital Senders and Document Capture Workstations

 HP OfficeJet Pro printers

 HP Designjet Series printers

 HP PageWide XL Series printers

 HP HD / SD Pro Scanners

 HP Latex printers

For a complete device listing see Appendix A.

HP Software Solutions

HP Software Solutions rely on their host servers and are not directly impacted by the CPU vulnerabilities. Patches or remediation recommendations should be followed from Microsoft® and other operating systems providers.

Recommended Actions

HP will evaluate implementation of code fixes from CPU and operating system vendors as they become available for HP printing device architectures.

The following actions further protect against installation of malicious code.

Note: Not all setting available on all devices

 Configure local administrator password (EWS)

 Disable Printer Updates

 Disable PJL Disk Access and Postscript Disk Access

 Disable NFS

 Disable FTP

Stay Informed

Subscribe to HP real-time security information: All HP products use a common centralized Security Bulletin process managed by HP´s Product Security Response Team (PSRT). Subscribe to HP Security Bulletins by following these steps:

1. Go to http://www.hp.com/go/support.

2. Click Get software and drivers.

3. Find your product.

+ 4 hidden pages