"Log4j" [CVE-2021-44228] vulnerability – 15th December 2021
We are currently in the process of investigating the impact of the ‘Log4j’ vulnerability on Canon products. As information comes to light, we will update this article.
The table below gives the vulnerability status for the hardware and software products listed. Please check back regularly.
Windows Print Spooler Remote Code Execution Vulnerability – Updated 16 November 2021
A vulnerability with Microsoft Windows Print Spooler was discovered earlier this year, which has been referred to as “PrintNightmare”. The vulnerability allows hackers to take control users' Windows systems under certain conditions.
While this may affect the users of Canon devices, this is the result of a flaw within Microsoft software rather than any issue with Canon's products or software. Specifically, the issue lies with the print spooler functionality which is installed on every Windows Server and Windows desktop.
Microsoft announced that these vulnerabilities were resolved within the Microsoft July 6th Security Update, available through Windows Update or by downloading and installing KB5004945. Microsoft recommends that IT teams apply this update immediately to help prevent intrusions related to these vulnerabilities. For full information from Microsoft on the matter, please visit https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
In addition to Microsoft’s advice to install the updates, we also recommend you secure your system by confirming that the following registry settings are set to 0 (zero) or are not defined (Note: these registry keys do not exist by default, and therefore are already at the secure setting). You should also check that your Group Policy settings are correct:
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
- NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)
- UpdatePromptSettings = 0 (DWORD) or not defined (default setting)
Having the ‘NoWarningNoElevationOnInstall’ registry key set to 1 reduces your system security posture.
We advise that your IT team continues to monitor the Microsoft support site to ensure that all applicable underlying operating system patches are applied.