Critical Security Alert for PaperCut MF/NG

27 April 2023 by Officeplus Kaubandus OÜ, Erik Köster

PaperCut has evidence to suggest that servers running unpatched software may be exploited through the vulnerability known as ZDI-CAN-18987 / PO-1216, which we addressed in the PaperCut MF and PaperCut NG updates 20.1.7, 21.2.11 and 22.0.9, released on 8 March 2023. This security issue is described in detail in our KB article at www.papercut.com/kb/Main/PO-1216-and-PO-1219 and was described further in our PaperCut security advisory to Authorised Partners on 27 February 2023.

PaperCut strongly recommends installing the update as soon as possible.

If you need more information, please contact us.

-----------------------------------

Following our previous message, we are contacting you again to provide further information regarding this critical security upgrade.

To recap: PaperCut has received two vulnerability reports from a third-party cyber security company (Trend Micro) for high/critical severity security issues in PaperCut MF/NG. There is evidence to suggest that unpatched servers are being exploited.

It is important that all customers urgently upgrade to a patched version.
The patched versions are 20.1.7, 21.2.11 and 22.0.9 and later versions.

The nature of the vulnerabilities is explained in the Security Bulletin available here, including examples of what to look for to determine if a customer has been compromised. It is also being kept up to date with any new information.
We’re writing to you as a valued Reseller to provide a summary of the advice we and PaperCut recommend you take to your customers.

General advice

All customers should implement best practice security monitoring and response. Examples of these best practices may include:
All software should be patched and up to date including PaperCut MF/NG.
Ensure antivirus software is up to date throughout the whole organization.
Ensure anti-malware software is up to date throughout the whole organization.
Monitor for suspicious activity such as alerts from your security software.
Encourage all users in the organization to report any suspicious activity to their IT contacts.

Advice for a customer who is concerned they’ve been compromised

In addition to the General advice, we recommend a customer implement their Security Response Process and activate procedures around potential compromise.

Key actions might include:
 
1. Remove the PaperCut MF server from your network
2. Complete a clean installation of the Operating System for the PaperCut MF server
3. Complete a new installation of PaperCut MF using a patched version
4. Restore a PaperCut MF backup which has a backup date prior to the date of compromise (evidence suggests that data related to the exploit could reside in the database)
5. Update config keys:
a. print-and-device.script.enabled set to N (if you do not use print scripts)
b. device.script.sandboxed set to Y (sandboxing for device scripts enabled)
c. print.script.sandboxed set to Y (sandboxing for print scripts enabled)
6. Ensure print and device scripts on the PaperCut server are set to only execute in sandbox mode (which is the default and safest behaviour) or disabled if not used at all.

Advice for all other customers

For all other customers, in addition to the General advice, update to the patched versions outlined in the Security Bulletin. For customers who have an expired M&S and are on versions prior to version 20, please contact us for a 40-day M&S grace period to allow for immediate update.
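
An added example (not PaperCut's or the author's code) that applies the patched-version list and the three config keys from step 5 above to a server inventory. The inventory layout, the hostnames and the `uses_scripts` flag are assumptions made for the example; collecting the version and key values from each server is left to your own tooling.

```python
import re

# Minimum patched build per release branch, as listed in the advisory.
PATCHED_MIN = {20: (20, 1, 7), 21: (21, 2, 11), 22: (22, 0, 9)}

def is_patched(version):
    """Compare within the release branch: 21.2.10 is unpatched although it is > 20.1.7."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(g) for g in m.groups())
    if parts[0] in PATCHED_MIN:
        return parts >= PATCHED_MIN[parts[0]]
    # Branches after 22 count as "later versions"; branches before 20 have no patched build.
    return parts[0] > max(PATCHED_MIN)

def audit_config(config, uses_scripts):
    """Return findings for the three script-related config keys from step 5."""
    def val(key):
        return str(config.get(key, "")).strip().upper()
    findings = []
    for key in ("device.script.sandboxed", "print.script.sandboxed"):
        if val(key) != "Y":  # unset values are reported so they get checked by hand
            findings.append(f"{key}={val(key) or 'unset'} (expected Y)")
    key = "print-and-device.script.enabled"
    if not uses_scripts and val(key) != "N":
        findings.append(f"{key}={val(key) or 'unset'} (expected N, scripts not in use)")
    return findings

def triage(servers):
    """Map each host to its findings; an empty list means nothing to fix."""
    report = {}
    for s in servers:
        findings = [] if is_patched(s["version"]) else [f"version {s['version']} is not a patched release"]
        report[s["host"]] = findings + audit_config(s["config"], s["uses_scripts"])
    return report

# Constructed sample inventory (hostnames and values are made up for the example).
SERVERS = [
    {"host": "print01", "version": "21.2.10", "uses_scripts": False,
     "config": {"print-and-device.script.enabled": "Y",
                "device.script.sandboxed": "Y", "print.script.sandboxed": "N"}},
    {"host": "print02", "version": "22.0.9", "uses_scripts": True,
     "config": {"print-and-device.script.enabled": "Y",
                "device.script.sandboxed": "Y", "print.script.sandboxed": "Y"}},
]

if __name__ == "__main__":
    for host, findings in triage(SERVERS).items():
        print(host, "OK" if not findings else findings)
```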

As your Authorised Partner, we’re here to help along the way supported by PaperCut. Please reach out to us directly for clarity on any of the above.
