Disable software upgrades by default
NOTE: This bulletin has been re-posted as an additional product, the WorkCentre 6015N/I has been included.
The Xerox Phaser 6010, Phaser 6125, Phaser 6128MFP, Phaser 6130, Phaser 6140, Phaser 6180, Phaser 6180MFP, Phaser 6280, Phaser 6500, WorkCentre 3045NI, WorkCentre 6015N/I and the WorkCentre 6505 were shipped with software upgrades enabled by default. The firmware release which changes this default can be downloaded via the links inside the bulletin document. These firmware solutions are classified as Moderate updates.
NOTE: If software upgrade had previously been disabled, software upgrade must be ENABLED on the device at the Local User Interface before this firmware version can be loaded.
Please follow the instructions starting on page 2 for each affected product to install these firmware solutions.
This document has been created to detail the security settings available to customers on Xerox Multifunction devices that may not have their own specific Secure Installation and Operation document.
NOTE: Not all products will support all the security features detailed in this document.
NOTE: We are re-issuing this bulletin due to a spelling error of the name of one of the researchers. No technical content in the bulletin has changed.
Vulnerabilities exist that, if exploited, could allow remote attackers to insert arbitrary code into the device. This could occur with a specifically crafted Postscript or firmware job submitted to the device. If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed.
As part of Xerox’s on-going efforts to protect customers, the ability to accept these specially crafted jobs can be disabled for the affected products listed in the bulletin. Links for the software needed are contained inside the bulletin.