Product Security Guidance

News Archive

2014
April 11, 2014 - The Heartbleed OpenSSL Vulnerability V1.0
A vulnerability has been discovered in the OpenSSL cryptographic software, versions 1.0.1 to 1.0.1f, which is widely used across the Internet for banking, investment, medical and other encrypted network traffic.

This document lists the Xerox products and whether or not they are affected by this issue. There are also explanations of Recommended Actions.

Detailed descriptions of the issues may be found at the US-CERT web site:
http://www.kb.cert.org/vuls/id/720951 

2013
May 31, 2013 - Consult the Chief Optimist
Read about seeing and seizing opportunities others may miss. Review and explore, and even interact. See optimistic info and ideas in the on-line Chief Optimist e-zine.

2012
June 26, 2012 - Xerox office printers not impacted by "gibberish" malware
The Trojan.Milicenso malware does not infect the Xerox print device; no actions or changes are needed. This malware can infect a computer if the user opens an e-mail attachment, visits a web site that delivers the malware, or downloads a file that appears to be an audio or video codec (encoder/decoder). This may result in data being sent to printers and multi-function devices, causing an output of multiple pages of unintelligible characters. Depending on the printer or multifunction device, if this malware prints using a specific paper tray, it may be possible to empty or disable that tray to stop paper waste.

Xerox recommends that users follow industry best practices and vendor recommendations to protect computer operating systems from malware and respond to infections.

February 27, 2012 - Xerox Print and MFD devices can have Software Upgrades restricted
Recent news, such as National Cybersecurity and Communications Integration Center Bulletin 1-0012-NCCIC-130020120223, has detailed how uncontrolled software upgrades create security issues for Printers and Multi-Function Devices. A number of Xerox devices can have Software Upgrades restricted to the device Administrator.

2011
August 25, 2011 - Xerox has received more inquiries about “Scanned from a WorkCentre Pro” malware in e-mailed PDF files – Malware Alert
As a variant to the SPAM alert we posted last summer, customers are now receiving e-mails that appear to be notifications that an e-mail containing a PDF file could not be delivered. During last summer, files that had the file extension of .ZIP or .EXE were sent and those formats are not supported by Xerox devices. The danger is that now, the attachments are PDF files which are supported as a valid scan format from Xerox WorkCentre devices. The mail notes may look like a realistic “bounce” message from a Mail Transfer Agent. Being aware of which MTA you or your company uses could help in identifying fake notes.

Users are tempted to open the PDF file with the phrase, “Please open the attached document. It was scanned and sent to you using a XER0X Work Centre Pro.”

Xerox advises all users to only open scan to e-mail files that are sent from a reliable, identifiable, and verifiable source. The other key way to determine whether this is a scam e-mail rather than a real one is that the “From” field of the spam e-mail will mimic an actual user’s e-mail address, as opposed to a machine name e-mail (i.e. wcp245@xerox.com). These files could contain a number of Oficla Trojan variants or some of the more recent PDF malware code.

Customers with questions should contact their local Xerox sales representative, or call 1-800-ASK-XEROX.

July 21, 2011 - Need Solitary Confinement for your sensitive data?
The WorkCentre 5665/5675/5687, WorkCentre 5735/5740/5745/5755/5765/5775/5790, WorkCentre 7425/7428/7435 and the WorkCentre 7525/7530/7535/7545/7556 now have a removable hard drive option. You can read about it in the WorkCentre Removable Hard Drive Brochure.

June 30, 2011 - The Xerox Color 550/560 Printer receives Common Criteria Certification to EAL Level 3.
The Xerox Color 550/560 Printer devices have been evaluated and validated for conformance to the Common Criteria for IT Security Evaluation (ISO Standard 15408) to EAL Level 3.

May 6, 2011 - ColorQube 9301/9302/9303 MFPs launch with Solid Ink and Solid Security
Pick your protection to keep your documents safe. The Xerox Secure Access Unified ID System for swipe-card access, SSL, FIPS 140-2 Compliant Encryption, IPSec, Secure Print, IP Filtering, 802.1X, Hard Disk Encryption, Image Overwrite and the ability to Enable/Disable USB ports are all there.

February 7, 2011 - ShmooCon To Spotlight Importance of Printer and MFP Security
Larry Kovnat – Xerox Product Security Manager

The seventh annual ShmooCon, a hacker convention in Washington, D.C. that promotes open discussion of information security, was held recently. Media reported in advance of the event that a big focus would be on the security of data flowing through your printers and MFPs. We’re glad this issue is continuing to get attention. For further information use the links below to the Real Business at Xerox Blog.

Real Business at Xerox Blog

Printer Industry Called to Action – CBS Follows Up on Copier Security Investigation

CBS Copier Security Investigation & What You Need to Know

January 25, 2011 - WorkCentre 5735/5740/5745/5755 and WorkCentre 5765/5775/5790 MFP devices receive Common Criteria Certification to EAL Level 3
The WorkCentre 5735/5740/5745/5755/5765/5775/5790 MFP devices have been evaluated and validated for conformance to the Common Criteria for IT Security Evaluation (ISO Standard 15408) to EAL Level 3.

2010
December 14, 2010 - WorkCentre 4250/4260 MFP devices receive Common Criteria Certification to EAL Level 3
The WorkCentre 4250/4260 devices have been evaluated and validated for conformance to the Common Criteria for IT Security Evaluation (ISO Standard 15408) to EAL Level 3.

November 30, 2010 - Xerox Color 550/560 Printer enters Common Criteria Certification
The Xerox Color 550/560 Printer has entered Common Criteria Certification. It is to be certified to EAL Level 3.

November 30, 2010 - WorkCentre 5632/5638/5645/5655/5665/5675/5687 MFP devices receive Common Criteria Certification to EAL Level 3
The WorkCentre 5632/5638/5645/5655/5665/5675/5687 devices have been evaluated and validated for conformance to the Common Criteria for IT Security Evaluation (ISO Standard 15408) to EAL Level 3.

November 30, 2010 - WorkCentre 5135/5150 MFP devices receive Common Criteria Certification to EAL Level 3
The WorkCentre 5135/5150 devices have been evaluated and validated for conformance to the Common Criteria for IT Security Evaluation (ISO Standard 15408) to EAL Level 3.

October 5, 2010 - Security is Built In on New Xerox WorkCentre Multifunction Printers
The new WorkCentre 7545 and WorkCentre 7556 MFPs come equipped with security features including hard disk encryption, image overwrite to electronically "shred" data, fax isolation to prevent unauthorized access to data, and network authentication to restrict access to scan, e-mail, and fax features.

August 11, 2010 - Xerox WorkCentre 7120 achieves Common Criteria Certification
The Xerox WorkCentre 7120 has been awarded Common Criteria Certification at EAL Level 3. See our "Common Criteria Certified Products" page for more information.

August 11, 2010 - Xerox Advises Securing Data In Printer Hard Drives
In this article on InformationWeek the Xerox Product Security Manager Larry Kovnat cautions customers to protect their data. Xerox has hosted webinars on the subject and in the article there is a video from Larry with information that will help.

July 20, 2010 - Xerox Alert: WorkCentre Pro Scan to Email Files – Spam Alert
In the past few days we’ve received numerous inquiries regarding suspicious looking e-mails with a subject of “Scan from a Xerox WorkCentre Pro” and containing a single .ZIP file attachment (a new variant contains an .EXE file) tagged with a number, assigned at random. The e-mail is mimicking a scan to e-mail file from a Xerox WorkCentre Pro. Opening the e-mail will reveal an executable file called Xerox_doc.exe, which is a variant of the Oficla Trojan. Depending on the type of antivirus software you have, it may be detected as one of the following: Spam-mailbot.m, W32/Oficla, TROJ_DLOADR.REF or TROJ_FAKEAV.SMZQ.

Xerox advises all users to only open scan to e-mail files that are sent from a reliable, identifiable source. Also, all scan to e-mail files from a Xerox WorkCentre Pro will be delivered with either a TIFF or PDF file attachment, NOT the ZIP or EXE file that accompanies this spam mail. The other key way to determine whether this is a scam e-mail rather than a real one is that the “From” field of the spam e-mail will mimic an actual user’s e-mail address, as opposed to a machine name e-mail (i.e. wcp245@xerox.com).

Customers with questions should contact their local Xerox sales representative, or call 1-800-ASK-XEROX.

June 1, 2010 - New York Times: Why Photocopiers Have Hard Drives
Larry Kovnat, a product security manager for Xerox, provides insights into photocopier security in this New York Times article.

June 1, 2010 - Three more Xerox products are in evaluation for Common Criteria Certification
Xerox has placed the WorkCentre 5735/5745/5755, the WorkCentre 5765/5775/5790, and the WorkCentre 7755/7765/7775 in evaluation for Common Criteria Certification at EAL Level 3. See our "Common Criteria Certified Products" page for more information.

May 18, 2010 - Multi-function Printer (MFP) Security: What You Need to Know to Protect Your Data & Network
Customers are worried about the dangers of sensitive information being left behind on the disk drives of multifunction devices. Xerox has recognized this problem for over 10 years and has built effective security controls into our devices to address the issue. Office managers and IT support staff are learning they must play an active role in ensuring the security of data on their office equipment. This involves understanding how document technology being placed in the office interacts with a network as well as developing procedures to ensure information is protected where appropriate. The webinars and customer seminars will address topics such as: office information that needs to be protected, relevant legislation, multi-function systems and data interaction, data encryption, data erase/overwrite, multi-function systems and independent certification, multi-function systems and good security practices, and safe disposal. Xerox is hosting a series of seminars in selected locations on these topics. Contact your local Xerox sales representatives for information on a seminar near you.

You may also read the blog entry submitted by Rick Dastin, President of the Xerox Global Products Delivery Group.

April 20, 2010 – Xerox 4112/4127 receives Common Criteria Certification at EAL Level 3
The Xerox 4112/4127 Copier/Printer was evaluated and validated for conformance to the Common Criteria for IT Security Evaluation (ISO Standard 15408).

February 28, 2010 – Security Featured in New WorkCentre 7700 Series
Xerox launched the new WorkCentre 7700 Series that includes the following security features: full support for the IPv6 network security standard, an Image Overwrite feature that shreds data stored on the hard drive, a Secure Print feature that holds files in the print queue until a PIN is entered to release the documents to print, and Network Authentication that restricts access to scan, email, and network fax features by validating user names and passwords prior to use.

2009
August 25, 2009 – Xerox Drives New Security Standards for Office Printing Products
Xerox has teamed with the IEEE to develop consistent security standards across the print industry. The ColorQube 9201/9202/9203 is being certified and expected to be the first product to achieve this certification.

July 22, 2009 – Xerox WorkCentre 7425/7428/7435 Receives Common Criteria Certification
The Xerox WorkCentre 7425/7428/7435 color multifunction device was evaluated and validated for conformance to the Common Criteria for IT Security Evaluation (ISO Standard 15408).

June 11, 2009 - Xerox WorkCentre 4150 Receives Common Criteria Certification
The Xerox WorkCentre 4150 multifunction printer was evaluated and validated for conformance to the Common Criteria for IT Security Evaluation (ISO Standard 15408).

May 7, 2009 - Xerox launches the world’s first high-speed solid ink multifunction printer, the ColorQube 9201/9202, which has an array of security features including 802.1x, audit log, fax security, HTTPS (secure scan and network server), hard disk encryption, IP filtering, IPSec, image overwrite security, lock printing of received faxes, network authentication, password protected device access, SNMPv3, secure print, and user authentication (optional Xerox Secure Access Unified ID System).

2008
November 11, 2008 - Xerox is one of a number of organizations endorsing the CSSLP (Certified Secure Software Lifecycle Professional) certification from (ISC)2 that is designed to validate secure software development knowledge and best practices.

October 21, 2008 - Xerox presented on Managing Security Through Services Process Leadership at the SSPA (Service & Support Professional Association) Conference.

January 25, 2008 - Xerox WorkCentre 7328/7335/7345 Receives Common Criteria Certification
The Xerox WorkCentre 7328/7335/7345 color multifunction device was evaluated and validated for conformance to the Common Criteria for IT Security Evaluation (ISO Standard 15408).

2007
July 8, 2007 - Watch this ~8 minute video that is part of an IT Week Vendor Video Q&A series. Larry Kovnat, Xerox Product Security Manager, discusses Xerox device security, risk management, and device certification.

April 19, 2007 - Xerox Secure Access Unified ID System™
Xerox Secure Access Unified ID System integrates your Xerox multifunction systems with your existing employee/student ID badge solution to provide a flexible and convenient authentication system.

2006
August 18, 2006 - Xerox Multifunction Systems and Network Security: What You Should Know
Xerox is committed to helping customers maintain a secure network environment, particularly as it relates to the use of multifunction products, which print, copy, fax and scan. Since all Multifunction Products (MFPs) -- regardless of vendor -- contain hard drives and software, MFPs require the security precautions associated with other network peripherals.

2005
December 12, 2005 - Common Criteria Evaluation - Q&A (Sharp) (PDF, 235 KB)
Products from Xerox and Sharp have received Common Criteria Certification. What's the difference? Xerox certified the entire product. Read this backgrounder to understand the differences in approach to certification adopted by the two companies.


December 12, 2005 - Common Criteria Evaluation - Q&A (Ricoh) (PDF, 273 KB)
Products from Xerox and Ricoh have received Common Criteria Certification. What's the difference? Xerox certified the entire product. Read this backgrounder to understand the differences in approach to certification adopted by the two companies.


December 12, 2005 - Common Criteria Evaluation - Q&A (Canon Inc.) (PDF, 211 KB)
Products from Xerox and Canon Inc. have received Common Criteria Certification. What's the difference? Xerox certified the entire product. Read this backgrounder to understand the differences in approach to certification adopted by the two companies.


October 21, 2005 - Xerox digital security solutions lock down mission-critical digital information to make sure it doesn’t fall into the wrong hands.
See the Security Features offered by the Xerox CopyCentre® C2128/C2636/C3545 and the Xerox WorkCentre® Pro C2128/C2636/C3545.

2004
July 13, 2004 - Setting New Standards for Security in the Office (PDF, 1024 KB)
Announcing Common Criteria Certification for the Xerox WorkCentre M35/M45/M55 and WorkCentre Pro 35/45/55