Security Announcements

A new cyber security vulnerability (CVE-2023-29552) has been discovered in the Service Location Protocol (SLP) contained in bizhub MFPs and printers, which may result in a denial-of-service (DoS) attack.  Konica Minolta printers and MFPs located on unprotected networks or connected directly to the public Internet are at higher vulnerability risk.  Devices behind firewalls on trusted networks do not necessarily have to implement the recommendations below.

PaperCut has recently received two vulnerability reports from a 3rd party cyber security company (Trend Micro), for high/critical severity security issues in PaperCut MF/NG. There has not been any evidence of these vulnerabilities being used against customers at this point.

The Microsoft July 2021 Cumulative Update for Windows Server Operating Systems caused an authentication failure that directly affects CAC/PIV and SIPRNet enabled MFDs globally. This update not only negatively impacted our Konica Minolta customers, but also others such as Canon, Ricoh, Lexmark, HP.

Konica Minolta has tested and evaluated our internal applications and infrastructure, and we have remediated impacts to our externally facing systems. We are awaiting updates from our support vendors on tools used internally. Frequent updates to corporate security tools and heightened security monitoring have helped to minimize open issues and ensure our systems are secure.

The vulnerability of multifunction printers (MFPs) to hacking attempts to gain complete control over the printer via the Fax line was made public in August by researchers from Check Point Solutions Technologies. The research conducted was specific to HP Inket All-In-One printers.

Konica Minolta Business Solutions U.S.A., Inc. (Konica Minolta) today announced results from an extensive security test of Konica Minolta’s bizhub line of multifunction printers (MFPs) against hacking attempts. The tests, conducted by NTT DATA Services, an internationally respected IT services provider, concluded that the printers are well-fortified against security breaches.

Based on current knowledge, the threat likelihood is extremely low for Konica Minolta products. CPU hardware implementations are vulnerable to cache side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre. Both Spectre and Meltdown take advantage of the ability to extract information from instructions that have executed on a CPU using the CPU cache as a side-channel.