, HP has warned. Computer and printer giant HP has flagged two critical flaws in over a hundred different printer models that it says should be patched “as soon as possible”.

Owners of numerous HP Inkjet models will need to install new firmware for each of the affected models from its Officejet, Deskjet and Envy lines, as well as its larger form business printers, including DesignJet and PageWide Pro printers. Multiple models from each product line are affected, so customers and consumers should scroll through HP’s advisory to check whether their specific model is affected. Customers should also check out HP’s support pages for how to install the firmware updates, which can be done directly from the printer for web-enabled printers — mostly those released after 2010 — or via Windows or Mac computers they’re networked with.

The bugs, which have been assigned the numbers CVE-2018-5924 and CVE-2018-5925, are rated “critical” and could allow remote code execution. “Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution,” HP notes in an advisory. The company hasn’t indicated whether the flaws are publicly known or under attack but says it was “recently made aware of a vulnerability in certain inkjet printers by a third-party researcher.”

The patches come just a few days after HP Inc announced it would soon launch its printer bug bounty, which is the world’s first and only print security bug bounty program. The computer maker is partnering with Australian-founded Bugcrowd to manage the program, which will validate the bug reports and pay researchers between $500 and $10,000, depending on their severity. It’s one of Bugcrowd’s “private programs”, so only researchers who are invited can submit bug reports.

Printers are a soft spot for organizations because chief information security officers (CISOs) usually don’t get involved in their purchase, according to a member of HP’s security advisory board, MedSec CEO Justine Bone. “CISOs are rarely involved in printing purchase decisions yet play a critical role in the overall health and security of their organization,” said Bone. “For decades, HP has made cybersecurity a priority rather than an afterthought by engineering business printers with powerful layers of protection. And in doing so, HP is helping to support the valuable role CISOs play in organizations of every size.”
Troubled browser has once again come under attack, with a flaw discovered in multiple versions of Internet Explorer.

Microsoft has been forced to issue an emergency security patch for its Internet Explorer browser. The release came after Google security engineer Clement Lecigne uncovered a critical vulnerability in several versions of Microsoft's browser, which could have been activated simply by directing users to a malicious website.

The flaw, known as CVE-2018-8653, affects Internet Explorer 9, 10 and 11, with the update issued to Windows 7, 8.1 and 10 versions, as well as Windows Server 2008, 2012, 2016 and 2019. "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer," Microsoft stated in its support document for the threat. "The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user."

The company has issued a fix for the flaw now, outside of its typical Patch Tuesday security cycle, signifying it is a significant threat and should be patched immediately.

Microsoft has gradually retired Internet Explorer from public view over the past few years as it focuses on its newer browser Edge, with only customised versions available to certain business users. The company may also be about to pull the plug on Edge, with a report recently confirming Microsoft is set to introduce a new browser built on Google's Chromium platform.