Lexmark firmware update closes vulnerability and fixes Windows printer issue

Good news for owners of Lexmark printers: the manufacturer has finally provided firmware updates for various models. On the one hand, these are supposed to close a vulnerability in more than a hundred Lexmark printer models, which Lexmark had already warned about in June 2022 (the update had to be withdrawn again). On the other hand, the firmware update is supposed to fix the USB communication problem under Windows that was caused by the July 2022 security update.



Vulnerability and printer issue

Since July 2022, owners of various Lexmark printers have been suffering from the problem that these devices only print garbled output. The trigger is the July 2022 security update for Windows; I had reported about it in the blog post Windows: Printer issues after July 2022 patchday and fixes. Even though the problem is triggered by a Microsoft update, it seems to be related to the firmware of the device.

The second issue is a vulnerability that affects more than a hundred Lexmark printer models. Attackers who have already gained access to a printer's firmware can then exploit the vulnerability to infiltrate the device; the release notes below list it as "Compromised device remains vulnerable after firmware update". Lexmark had already published the Security Advisory CVE-2022-29850 (PDF) in June 2022, but then revised it again in August 2022.

However, the firmware updates provided had to be withdrawn at short notice after problems occurred. Lexmark then announced a revised firmware update for mid-September 2022, which was supposed to fix both the CVE-2022-29850 vulnerability in the firmware and the Windows printing issue. I had reported on this in the blog post Lexmark: Firmware update to fix Windows bug and vulnerability CVE-2022-29850 in mid-Sept. 2022.

Revised firmware update released

German blog reader Frederik S. had already emailed me last Thursday, September 15, 2022, with the information that the revised firmware was available on the Lexmark support pages:

For your information: as of today, version 081.215 is available for download on the Lexmark support site; according to the release notes, the USB bug as well as CVE-2022-29850 are fixed.

A comment left by Michael N. in the German blog also informed me that he had found the new firmware updates on the Lexmark site (thanks to both readers for the hint):



Lexmark has the new firmware version 081.215 available for our models on the Lexmark support page as of today. The release notes describe many bugs that should be fixed. There is also talk of an 081.212 release, but I have never seen it, perhaps it was not public.

Lexmark has meanwhile published this support post about the USB printer problem and writes: Update the printer to xxxxx.081.215 or the latest RIP firmware version. This can be done via the printer's EWS feature (requires a network connection to the Internet) or by downloading the firmware from Lexmark support, copying that version to a USB stick, inserting the stick into the printer's USB port (if available), and then selecting that version.

Firmware update instructions are also available on this Lexmark support page; downloads should be possible via this Lexmark Driver download page after entering the model (currently, not all firmware revisions have been released). The firmware was probably released there on September 16, 2022. Below is an excerpt from the release notes.

RELEASE NOTES: xxxAT.081.215, xxxBD.081.215, xxxBL.081.215, 
xxxBN.081.215, xxx.GM.081.215, xxx.GW.081.215, xxxMH.081.215,
xxxMM.081.215, xxxPC.081.215, xxxPM.081.215, xxxPP.081.215,
xxxSG.081.215, xxxZJ.081.215
 
READ THIS FIRST: Special notes and considerations
 
−  ***IMPORTANT*** If using Scan Center with a non-default value (default = "-1") for the
UCF settings de_network_fwCompatibilityLevel*, users must review the following
Knowledge Base article before upgrading to this release (this is not common):
−  Scanning from Scan Center causes 900.00 error
−  Although this URL is specifically for the MX822, this article is applicable to all
multi-function devices (MFP's) using Scan Center
−  Firmware upgrade warning:
−  Any device running FW5.1 or older (xxxxx.051.yyy or smaller numbers) must first
update to a FW7 based release such as xxxxx.076.308 before upgrading to
xxxxx.081.001 or newer releases
−  MS32x-MS62x/MX32x-MX62x Series devices and their equivalents running
xxxGM.04y.zzz firmware must first update to a firmware release between
xxxGM.070.001 and xxxGM.075.289 as an initial intermediate release before
updating to xxxxx.081.001 or newer releases
−  CS72x/CX72x Series devices and their equivalents running ATL.03x.yyy or
ATL.02x.yyy firmware must first update to CSTAT.041.090 or CXTAT.041.090 as
an initial intermediate release before updating to a FW7 based release, such as
xxxxx.076.308, and then finally updating to xxxxx.081.001 or newer releases
−  CS82x/CX82x and CX86x Series devices and their equivalents running
xxxPP.075.yyy or older firmware AND with extra memory (RAM) installed must
first update to a FW7.6 based release such as xxxPP.076.308 before upgrading
to xxxPP.081.001 or newer releases
−  Contact Lexmark Technical Support to obtain intermediate releases if needed 
−  Firmware downgrade warning:
−  Devices manufactured with xxxxx.080.001 or newer firmware cannot have
firmware downgraded below the manufactured level
−  For all other devices, it is strongly recommended that a firmware downgrade is
NOT performed
−  Downgrading firmware from newer major firmware ECs to older major firmware
ECs will result in the loss of Apps, Security Features, and Settings
−  Contact Lexmark Technical Support and see KB Article SO8017 for more
information on the impacts of downgrading
−  Ensure the firmware you download is the correct one for the product you have

CUSTOMER RELEASE NOTES:
FW8.1, xxxAT.081.215, xxxBD.081.215, xxxBL.081.215, xxxBN.081.215,
xxxGM.081.215, xxxGW.081.215, xxxMH.081.215, xxxMM.081.215, PC.081.215,
xxxPM.081.215, xxxPP.081.215, xxxSG.081.215, and xxxZJ.081.215 for the following
devices 
 
Changes in 081.215 (since 081.212):
Security Issues Addressed:
−  Upgraded open-source components to apply latest security patches 
Field Issues Addressed and Other Improvements: 
−  Improvements to firmware flashing reliability
−  Fix for an issue where using the "Fit to Page" setting on the printer results in a
corrupted output for some print jobs
−  Fix for an issue where the CS/CX73x devices are not responding to adjustments
to the left margin on the multipurpose feeder or input option trays (CSTMM and
CXTMM firmware)
−  Fix for an "unsupported USB hub" error on some devices with Marknet N8372
options installed
−  Fix for an issue where "fold" settings for Copy shortcuts were not applied
correctly when the shortcut was launched via Shortcut Center
−  Fix for an unexpected output received when printing via USB cable from a
computer running Windows10 patched with KB5015807 or newer
−  Fix for a 912.32A crash on CS/CX33x devices and their equivalents (CSLBL and
CXLBL firmware)
−  Update default print resolution of mono devices to 1200IQ to improve interaction
with newer drivers and/or driverless print options.  NOTE: device print resolution
setting will not be changed by applying this firmware update, a restore factory
defaults or out of service erase would have to be performed after installing this
update for the new default to apply
−  Fixes for multiple fax issues
▪  Fix for an issue where devices with fax modems are stuck with "Busy,
please wait" on screen during some boot up operations
▪  Fix for a missing "Fax Transport" setting in some configurations
▪  Fix for an inability to receive some HTTPS faxes
−  Fixes for multiple sources of 900.00 errors
▪  Fix for a 900.00 Kernel crash when connected via USB cable to a
computer running Windows10 patched with KB5015807 or newer
▪  Fix for an intermittent 900.00 crash when performing a Card Copy job or a
quick copy job (start copying by pressing green button from home screen)
▪  Fix for a 900.00 crash that occurs with some JBIG faxes
▪  Fix for a reoccurring 900.00 crash every time the device powers up
▪  Fix for a 900.00 crash that occurs after the printer has been idle/asleep
for multiple hours on CS/CX82x and CX86x devices and their equivalents
(CSTPP and CXTPP firmware)
▪  Fix for a 900.00 crash while printing using CS/CX33x devices and their
equivalents (CSLBL and CXLBL firmware)
▪  Fix for a 900.00 crash that occurs when switching wireless access points
(changing SSID's)
▪  Fix for an intermittent 900.00 crash when using some HTTPS fax
functions
 
Changes in 081.212 (since 081.205):
Security Issues Addressed:
−  Upgraded open-source components to apply latest security patches
Field Issues Addressed and Other Improvements: 
−  Fix for an issue where the printer does not boot all the way to a usable state after
updating firmware (sometimes stuck at "Busy, please wait", sometimes earlier in
boot)
−  Fix for an issue where CS/CX82x and CX86x devices fail to boot if they have
4GB of RAM or more installed (CSTPP and CXTPP firmware)
−  Fix for an issue where faxes are not sent successfully if "cover page" is enabled
or "hold the job" is enabled and certain security configurations are present
−  Fix for an issue where the Lexmark Cloud Services Native Agent running on the
device intermittently stops communicating with the Lexmark Cloud
−  Prevent Lexmark Cloud Services connection from disabling itself when network
connection is lost
−  Fix for an issue where devices intermittently fail during SMB communication to a
Windows Server with STATUS_ACCESS_DENIED or
STATUS_DUPLICATE_OBJECTID
−  Fix to improve output from some MS/MX72x and MS/MX82x printers which
intermittently printed too light or too dark (MSNGW, MSTGW, and MXTGW
firmware)
−  Fix for an "incorrect printer time" error message at device power on
−  Fix for an issue where the secure element is intermittently not detected at device
power on causing an "Error communicating with the secure element" message to
appear on the device
−  Allow scanner firmware update even if scanner is disabled on CX92x devices
−  Fix for an issue where the device stops scanning in the middle of a job initiated
by an eSF app and remains stuck
−  Fix for a 912.45A crash on the CS/CX33x devices and their equivalents (CSLBL
and CXLBL firmware)
−  Fix for an issue where MB2236 devices with a 2.8" touch screen boot into the
"special boot options" menu if the paper tray is empty (MXLSG firmware - 2.8"
touch screen operator panel only)
−  eSCL scanning support for different resolutions for each color mode
−  Fix for an issue where import of PKCS12 device certificates fails
−  Updated some strings and translations for enhanced user experience
−  Multiple fixes for PDF and PCL-XL emulator errors
−  Fix for an 842.02 crash when performing a scan job on CX42x-62x devices
(CXNZJ and CXTZJ firmware)
−  Return printer network address instead of local-host when querying printer-more-
info URI IPP attribute
−  Fixes for multiple sources of 900.00 errors
▪  Fix for an intermittent 900.00 crash only on network connected printers
▪  Fix for a 900.00 crash when tapping "Connected to Network" on the
device operator panel
▪  Fix for intermittent 900.00 crashes at device boot up on the CS/CX72x
devices and their equivalents (CSTAT and CXTAT firmware)
▪  Fix for other intermittent 900.00 crashes
 
Changes in 081.205 (since 081.016):
Security Issues Addressed:
−  Additional mitigations for CVE-2022-29850 Compromised device remains
vulnerable after firmware update
−  Upgraded open-source components to apply latest security patches 
−  Security improvements based on internal testing
Field Issues Addressed and Other Improvements: 
−  Add support for space characters in SNMP Community Name
−  Adjust Fax Volume settings to support new fax card for certain devices (MXLBD,
CXLBL, and CXLBN firmware) 
−  Fix for an issue where "Keyboard Type" setting must be changed twice in order
to take effect
−  Increase time necessary to hold keyboard button before extra characters appear
in order to reduce inadvertent clicks
−  Added "Test SMTP Connection" button to SMTP setup menu to improve setup
usability
−  Resolve an issue where adding/removing "Held Jobs" from Home Screen
Customization via printer web page intermittently doesn't refresh the op panel
and/or web page correctly
−  Fix for an issue where LDAP authentication fails in some environments using
username and password, but succeeds with username only
−  Resolve an issue where, under certain conditions, the printer web page
intermittently shows the printer status as "Busy" even if the printer is not in busy
state
−  Improvement to ensure apps are able to automatically scroll a list to the currently
selected item during a change prompt if the list is longer than one screen – for example, a list of languages where the currently selected language may be
toward the middle or bottom of the list
−  Fix for an issue that causes firmware updates to intermittently fail on some
devices 
−  Improve messaging for firmware version comparison when updating via the
printer web page
−  Fixes for multiple sources of 900.00 errors
 
Changes in 081.016:
New Features:
−  Improved usability on 2.8-inch touchscreen devices 
−  Improved Initial Setup Wizard usability experience 
−  Added opt-out model for anonymous data collection 
−  New TPM hardware support
−  TLS v1.3 Server Support
−  WPA v3.0 support
−  IPP Everywhere 1.1
−  Universal Print – Phase 2 
−  Node locked setting bundles 
−  Open Source JDK 
−  Custom Factory Defaults support 
−  Improved staple logic (Held Jobs)
Security Issues Addressed:
−  CVE-2022-29850 Compromised device remains vulnerable after firmware update
−  Upgraded open source components to apply latest security patches
−  Security improvements based on internal testing
Field Issues Addressed and Other Improvements:
−  Improved enrollment to Lexmark Cloud Services
−  Fix for an issue where certain Cipher List changes are not saved successfully
−  Added validation checking to General Fax Settings, Fax Server, and Email Reply
Address fields
−  Multiple fixes for fax receive issues
−  Resolve a permissions issue with installed userflash
−  Fix for an issue where an HBP driver generated job does not print on certain
devices
−  Multiple fixes for PS, PDF, and PCL emulator errors
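
The "Firmware upgrade warning" rules in the release notes above can be turned into a fleet check that tells you which devices cannot be flashed straight to 081.215. The following is an added example, not Lexmark's or the blog's code; the function names, the hostnames and the sample firmware strings (including the `MXTGM` prefix) are constructed, and the rule ordering is one reading of the notes.

```python
import re

# Intermediate and target builds exactly as the release notes write them;
# "xxx"/"xxxxx" remain the notes' placeholders for the model-specific prefix.
FW7 = "xxxxx.076.308"
TARGET = "xxxxx.081.215"

def parse(fw):
    """Split a firmware string such as 'CXTPP.075.100' into (prefix, major, minor)."""
    m = re.fullmatch(r"([A-Z]{3,5})\.(\d{3})\.(\d{3})", fw.strip().upper())
    if not m:
        raise ValueError(f"unrecognised firmware string: {fw!r}")
    return m.group(1), int(m.group(2)), int(m.group(3))

def upgrade_path(current, extra_ram=False):
    """Return the ordered list of releases to flash; [] if already at 081.215+."""
    prefix, major, minor = parse(current)
    family = prefix[-2:] if len(prefix) == 5 else prefix
    if (major, minor) >= (81, 215):
        return []
    # CS72x/CX72x on ATL.02x/ATL.03x: two intermediate hops.
    if prefix == "ATL" and 20 <= major <= 39:
        return ["CSTAT.041.090 or CXTAT.041.090", FW7, TARGET]
    # MS32x-MS62x/MX32x-MX62x on xxxGM.04y: hop inside the 070.001-075.289 window.
    if family == "GM" and 40 <= major <= 49:
        return ["xxxGM.070.001 .. xxxGM.075.289", TARGET]
    # CS82x/CX82x/CX86x on 075 or older with extra RAM installed.
    if family == "PP" and major <= 75 and extra_ram:
        return ["xxxPP.076.308", TARGET]
    # Generic rule: FW5.1 or older needs a FW7-based release first.
    if major <= 51:
        return [FW7, TARGET]
    return [TARGET]

# Constructed inventory: (hostname, current firmware, extra RAM installed).
INVENTORY = [
    ("prn-01", "ATL.032.010", False),
    ("prn-02", "MXTGM.042.100", False),
    ("prn-03", "CXTPP.075.100", True),
    ("prn-04", "MXTGW.051.200", False),
    ("prn-05", "CXTAT.081.215", False),
]

def plan(inventory):
    """Map each host to its required flashing sequence."""
    return {host: upgrade_path(fw, ram) for host, fw, ram in inventory}

if __name__ == "__main__":
    for host, steps in plan(INVENTORY).items():
        print(host, "->", " -> ".join(steps) or "up to date")
```

Devices whose plan has more than one step need an intermediate image, which according to the notes may have to be requested from Lexmark Technical Support.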

