Most of us don't think about the printers in our office, this latest set of vulnerabilities discovered includes just that, over 100 models of HP inkjet printers have be discovered to have a critical bug that can allow remote script injection. HP is warning all HP inkjet printer owners to update ASAP.
The two vulnerabilities that have been identified allow malicious files to be sent to the printers which then allow the attacker to run remote code execution. wrote HP's PSRT in a security bulletin.
An update has been pushed out by HP and should be run immediately HP says. Once this code is executed it can allow the attacker into the wider network.
The exact count of printer models is 166 including multifunction and business printers. Affected models include OfficeJet, DeskJet and Envy as well as DesignJet and PageWide Pro printers.
For direct instructions and downloads to update your printers go to: https://support.hp.com/us-en/document/c02919168