CERT-Bund, the Computer Emergency Response Team for German federal authorities and agencies, has put out an alert, warning users of two security vulnerabilities in an assortment of Lexmark’s multi-functional printer devices.
The manufacturer had already published a warning in this regard at the end of August. With the security gap which has been rated the more serious of the two, an attack can be carried out by way of using a manipulated color fax either to execute arbitrary code with the privileges of the service; the other one can create crash, resulting in a Denial of Service condition. While Lexmark has already made updated firmware correcting the vulnerabilities available, a short-term workaround until the update has been installed would be to deactivate the option for receiving color faxes (which virtually never occur in the real world).
Lexmark customers who have connected their MFPs to the Cloud Fax Services provided by Retarus, can confidently and safely ignore the warning. That’s because all incoming faxes are received via Retarus’ carrier-grade infrastructure and conveyed via Fax2Mail to the end devices. Retarus is an official fax partner for Lexmark in the EMEA, USA and APAC regions.