Product Security Guides: How can they help you? Do you have questions about how Xerox® Products protect data at rest/in motion or what secure protocols are supported by a particular device? These are of course only a few security related questions you may have surrounding the security functions/features of a Xerox® Product. It is […]
Security Bulletins and RSS (Really Simple Syndication) Feeds Xerox recommends that customers keep their software levels up to date for optimal security. Xerox publishes Security Bulletins when vulnerability issues have been resolved in software or security related enhancements are added. There are three ways to access Security Bulletins: Visit the Product Security website and […]
Name Load Value Injection / CVE-2020-0551 / INTEL-SA-00334 Tracking Number 2019-002 First Publish Date 25 Mar 2020 Date of Current Status 15 Apr 2020 Next Planned Update N/A Description A vulnerability in Intel processors with SGX (Intel Software Guard Extensions) potentially could allow exfiltration of data from SGX enclaves. What You Need To Know? Security […]
Name Microsoft Security Advisory ADV190023 LDAP Tracking Number NA First Publish Date 24 Feb 2020 Date of Current Status 26 Mar 2020 Next Planned Update N/A Description LDAP channel binding and LDAP signing provide ways to increase the security of network communications between an Active Directory Domain Services (AD DS) or an Active Directory Lightweight […]
Name: Microsoft Windows 7 Embedded System OS End of Security Updates: What You Need to Know Tracking Number 2020-001 First Publish Date 13 Jan 2020 Date of Current Status 13 Jan 2020 Next Planned Update NA Description End of support for Microsoft Windows 7 Embedded Systems Operating System (FES) running on Xerox products with EFI […]
Name Wind River VXWorks IPnet TCP/IP STACK Vulnerabilities Tracking Number 2019-001 First Publish Date 29 Jul 2019 Date of Current Status 24 Apr 2020 Next Planned Update N/A Description A number of vulnerabilities in Wind River’s VXWorks IPnet TCP/IP Stack implementation have been reported. These vulnerabilities could allow attackers to hijack existing TCP sessions to […]
Award Announcement Xerox has long been a leader in sounding the alarm for and addressing security concerns in the print infrastructure, which increasingly is connected to the Internet to enable cloud-based work processes and mobile printing. Now Xerox is being recognized by Channelnomics, a trade publication that covers the business of selling through indirect channels. […]
Name: Fax Vulnerability Affecting HP Printers Tracking Number 2018-002 First Publish Date 15-Aug-18 Date of Current Status 23-Aug-18 Next Planned Update NA Description Embedded fax may be vulnerable to remote code execution flaws What you need to know? Check Point Research were able to gain access using a phone line to send a fax that […]
Xerox recommends the following to help protect your Xerox device: Don’t connect your Xerox device directly to the public Internet. Make sure it’s behind a firewall or router so that only you and your users have access to it. This helps keep outsiders from accessing the machine and interrupting your business. Change default passwords on […]
Name: Name Spectre & Meltdown CPU Vulnerabilities Tracking Number 2018-001 First Publish Date 5-Jan-2018 Date of Current Status 29-Mar-2018 Description Vulnerabilities in select CPU vendors potentially could allow access to protected memory. What You Need to Know? Security researchers reported flaws in CPUs that may allow an attacker with local user access the ability […]
Name Xerox AltaLink Devices Achieve Common Criteria Certification Tracking Number 2017-015 Publish Date 8-Dec-17 Announcement On November 20, 2017, the AltaLink B8000 Series and AltaLink C8000 Series received National Information Assurance Partnership’s (NIAP) certification against the latest Common Criteria security protection profile for hardcopy devices. Xerox ConnectKey Technology-enabled AltaLink devices are the first multifunction printers […]
A researcher released a description and proof of concept code that takes advantage of a previously-unknown flaw in WPA2.
A recent Distributed Denial of Service (DDOS) attack has been attributed to the Mirai botnet.
Recently researchers in Germany published a paper describing a number of vulnerabilities in the PostScript printer language.
Some Xerox printers may begin printing pages filled with the letter ‘X’ when scanned by the Qualys network vulnerability scanning tool.
WannaCry and Petya are malware that attack unpatched Windows systems, encrypt the files and demand a ransom to decrypt them.