
Xerox Security Bulletins
Xerox Security Bulletin Summary PDFs:
Refer to the Xerox Office Group Security Patch Criticality Ratings document for a description of the Security Patch Rating system used for security patches to Xerox office products (as of December 2007).
Refer to the "How to Upgrade, Patch or Clone Xerox Multifunction Devices" Customer Tips document for a description of how to perform remote upgrades, apply patches, and send clone files.
Xerox Security Bulletin XRX09-002 (PDF, 78KB) May 15, 2009
A command injection vulnerability exists in the web server of the WorkCentre/WorkCentre Pro 232/238/245/255/265/275, the WorkCentre 7655/7665/7675, and the WorkCentre 5632/5638/5645/5655/5675/5687. If exploited, the vulnerability could allow remote attackers to execute arbitrary code via carefully crafted inputs on the affected web page. Customer and user passwords are not exposed. > Download Software Update for WorkCentre Pro 232/238/245/255/265/275, WorkCentre 7655/7665/7675, and WorkCentre 5632/5638/5645/5655/5675/5687 (zip archive, 8.3MB)
Xerox Security Bulletin XRX09-001 (PDF, 69KB) January 30, 2009
A command injection vulnerability exists in the web server of the WorkCentre/WorkCentre Pro 232/238/245/255/265/275 and the WorkCentre 5632/5638/5645/5655/5665/5675/5687. If exploited, the vulnerability could allow remote attackers to execute arbitrary code via carefully crafted inputs on the affected web page. Customer and user passwords are not exposed. > Download Software Update for WorkCentre/WorkCentre Pro 232/238/245/255/265/275 and WorkCentre 5632/5638/5645/5655/5665/5675/5687 (zip archive, 162KB)
Xerox Security Bulletin XRX08-010 (PDF, 92KB) September 22, 2008
A Denial of Service vulnerability exists in the Phaser 6200, Phaser 7300, Phaser 7750, and Phaser 8400. If exploited, this vulnerability could allow malicious users to cause the device to restart, thus effectively denying service to legitimate users.
Xerox Security Bulletin XRX08-009 (PDF, 104KB) Update: October 16, 2008; Update: October 7, 2008; Original Release: September 19, 2008
A vulnerability exists in the ESS/Network Controller that, if exploited, could allow remote attackers to execute arbitrary code via specially crafted Server Message Block (SMB) responses. This could occur with buffer overflows and unvalidated user input in the Samba third-party code that handles file and printer sharing services for SMB clients (including Xerox MFD devices). If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed. This vulnerability affects only the printer sharing services. > Download Software Update for WorkCentre Pro 232/238/245/255/265/275, WorkCentre 232/238/245/255/265/275, WorkCentre 7655/7665/7675, and WorkCentre 5632/5638/5645/5655/5665/5675/5687 (zip archive, 6.6MB)
Xerox Security Bulletin XRX08-008 (PDF, 39KB) July 9, 2008
CentreWare Web has been found to be vulnerable to a set of potential SQL Injection and Cross Site Scripting vulnerabilities. If exploited, these vulnerabilities could allow an attacker to make unauthorized changes to CentreWare Web or asset data, or redirect user browsing sessions.
Xerox Security Bulletin XRX08-007 (PDF, 44KB) June 12, 2008
A persistent cross site scripting vulnerability exists in the web server of the Xerox 4110 Copier/Printer, the Xerox 4590 Copier/Printer, and the Xerox 4595 Copier/Printer. If exploited, this vulnerability could allow code injection by malicious web users into the web pages viewed by other users.
> Download Install Instructions (PDF, 845MB)
> Download Software Update for Xerox 4110/4590/4595 (zip archive, 28MB)
Xerox Security Bulletin XRX08-006 (PDF, 42KB) June 12, 2008
A vulnerability exists in the Web Services of the WorkCentre 7655/7665/7675 when attempting to access the Extensible Interface Platform feature under certain conditions. If exploited, this vulnerability could allow an attacker unauthorized access to make changes to the system configuration. > Download Software Update for WorkCentre 7655/7665/7675 (zip archive, 20MB)
Xerox Security Bulletin XRX08-005 (PDF, 1MB) June 12, 2008
A persistent cross site scripting vulnerability exists in the web server of the WorkCentre M123/M128, WorkCentre 133, WorkCentre Pro 123/128 and WorkCentre Pro 133. If exploited, this vulnerability could allow code injection by malicious web users into the web pages viewed by other users.
Download Software Update: Refer to the XRX08-005 Security Bulletin to determine which file to download.
> Group 1 Languages Standard Executable (zip archive, 16MB)
> Group 1 Languages with Postscript Executable (zip archive, 21MB)
> Group 2 Languages Standard Executable (zip archive, 16MB)
> Group 2 Languages with Postscript Executable (zip archive, 21MB)
> Group 3 Languages Standard Executable (zip archive, 15MB)
> Group 3 Languages with Postscript Executable (zip archive, 21MB)
Xerox Security Bulletin XRX08-004 (PDF, 1MB) May 22, 2008
A persistent cross site scripting vulnerability exists in the web server of the WorkCentre 7132 and WorkCentre 7228/7235/7245. If exploited, this vulnerability could allow code injection by malicious web users into the web pages viewed by other users.
Download Software Update: Refer to the XRX08-004 Security Bulletin to determine which file to download.
> WorkCentre 7132 Standard Executable (zip archive, 22MB)
> WorkCentre 7132 Standard Binary (zip archive, 20MB)
> WorkCentre 7132 with Postscript Executable (zip archive, 27MB)
> WorkCentre 7132 with Postscript Binary (zip archive, 25MB)
> WorkCentre 7228/7235/7245 Executable (zip archive, 41MB)
> WorkCentre 7228/7235/7245 Binary (zip archive, 39MB)
Xerox Security Bulletin XRX08-003 (PDF, 27KB) March 28, 2008
As part of Xerox’s on-going efforts to protect customers, a patch is being provided for customers interested in the Common Criteria Certified version, 21.113.02.000, for the WorkCentre 56xx products that adds improved audit logging to meet the requirements of NIAP Policy #15. > Download Software Update for WorkCentre 56xx products (zip archive, 20MB)
Xerox Security Bulletin XRX08-001 (PDF, 44KB) January 4, 2008
Vulnerabilities exist in the ESS/Network Controller that, if exploited, could allow remote attackers to execute arbitrary code via specially crafted Remote Procedure Call (RPC) requests. > Download Software Update for WorkCentre 232/238/245/255/265/275, WorkCentre Pro 232/238/245/255/265/275, and WorkCentre 7655/7665 (zip archive, 8MB)
Xerox Security Bulletin XRX07-002 (PDF, 42KB) October 15, 2007
A command injection vulnerability exists in the ESS/Network Controller and MicroServer Web Server. If exploited, this vulnerability could allow remote execution of arbitrary software. > Download Software Update for WorkCentre 232/238/245/255/265/275, WorkCentre Pro 232/238/245/255/265/275, and WorkCentre 7655/7665 (zip archive, 1.1MB)
Xerox Security Bulletin XRX07-001 (PDF, 39KB) August 30, 2007 Original Release: June 29, 2007
A command injection vulnerability exists in the ESS/Network Controller that, if exploited, could allow remote execution of arbitrary software, forgery of digital certificates, or initiation of Denial of Service attacks. > Download Software Update (zip archive, 990KB)
Xerox Security Bulletin XRX06-007 (PDF, 45KB) October 15, 2007 - Original Release: December 13, 2006
A command injection vulnerability exists in the ESS/Network Controller and MicroServer Web Server. If exploited, this vulnerability could allow remote execution of arbitrary software. This bulletin has been rescinded and is no longer valid. Download Permanently Unavailable
Xerox Security Bulletin XRX06-006 (PDF, 42KB) July 26, 2007 Original Release: November 30, 2006
Cumulative update to address multiple security vulnerabilities
Xerox Security Bulletin XRX06-005 (PDF, 144KB) October 15, 2007 - Original Release: October 3, 2006
Vulnerability in the ESS/Network Controller and MicroServer Web Server could allow remote execution of arbitrary software.
This bulletin has been superseded by XRX07-002. Download Permanently Unavailable
Xerox Security Bulletin XRX06-004 (PDF, 43KB) October 4, 2006
Cumulative update to address multiple security vulnerabilities
Xerox Security Bulletin XRX06-003 (PDF, 20 KB) July 27, 2007 Original Release: June 22, 2006
Cumulative update for Common Criteria Assurance Maintenance. Note: This bulletin has been superseded by XRX06-006.
Xerox Security Bulletin XRX06-002 (PDF, 44 KB) October 25, 2006
System software versions available to address denial of service and other vulnerabilities in ESS
Xerox Security Bulletin XRX06-001 (PDF, 35KB) April 24, 2006 Original Release: 02/20/06
Vulnerabilities in the ESS/Network Controller and MicroServer Web Server could potentially permit unauthorized access. Note: This bulletin has been superseded by XRX06-003.
Xerox Security Bulletin XRX05-009 (PDF, 41KB) August 10, 2005
Vulnerabilities in the Xerox MicroServer Web Server could potentially permit unauthorized access. > Download Software Update (zip archive, 518 KB)
Xerox Security Bulletin XRX05-008 (PDF, 69KB) August 10, 2005
Vulnerabilities in the Xerox MicroServer Web Server could potentially permit unauthorized access. > Download Software Update (zip archive, 2759 KB)
Xerox Security Bulletin XRX05-007 (PDF, 101KB) August 25, 2005
Vulnerabilities in the Xerox MicroServer Web Server could potentially permit unauthorized access. > Download Software Update (zip archive, 1683 KB)
Xerox Security Bulletin XRX05-006 (PDF, 41KB) August 4, 2005
Vulnerabilities in the Xerox MicroServer Web Server could potentially permit unauthorized access. > Download Software Update (zip archive, 582 KB)
Xerox Security Bulletin XRX05-005 (PDF, 36KB) April 13, 2005
Vulnerability in the Xerox MicroServer Web Server could potentially permit unauthorized access. > Download Software Update (zip archive, 7.9MB) Note: This patch applies to launch level software only.
Xerox Security Bulletin XRX05-004 (PDF, 52KB) June 13, 2005
Vulnerability in the Xerox MicroServer Web Server could cause a denial of service. > Download Software Update (zip archive, 2.2MB)
Xerox Security Bulletin XRX05-003 (PDF, 53KB) June 13, 2005
Vulnerability in the http server on the ESS/Network Controller could potentially permit unauthorized access. > Download Software Update (zip archive, 97KB)
Critical Security Update for Xerox DocuColor 6060 XPe System Update Software (1H23O1) Version: 2.2 February 18, 2005
System Updates is a print server service that keeps the system software on your print server up-to-date with the latest Microsoft security updates. Note: The prerequisite for System Updates functionality is to have patches 1-G88R5 and 1-G6ZLT installed on the Fiery.
Critical Security Update for Xerox DocuColor 7000/8000 XPe System Update Software (1H23O1) Version: 1.0 February 18, 2005
System Updates is a print server service that keeps the system software on your print server up-to-date with the latest Microsoft security updates. Note: The prerequisite for System Updates functionality is to have patches 1-G88R5 and 1-G6ZLT installed on the Fiery.
Xerox Security Bulletin XRX05-002 (PDF, 22KB) January 19, 2005
Vulnerability in the WorkCentre M24 scanning/faxing software could expose personal information.
Xerox Security Bulletin XRX05-001 (PDF, 125KB) January 14, 2005
Vulnerability in the ESS/Network Controller could potentially permit unauthorized access. > Download Software Update (zip archive, 8.25MB)
Xerox Security Bulletin XRX04-010 (PDF, 38KB) December 20, 2004
Vulnerability in the ESS/Network Controller could potentially permit unauthorized access. > Download Software Update (zip archive, 24MB)
Xerox Security Bulletin XRX04-009 (PDF, 36KB) April 13, 2004
Vulnerability in the http server on the ESS/Network Controller could potentially permit unauthorized access. > Download Software Update (PDF, 13KB)
Xerox Security Bulletin XRX04-008 (PDF, 33KB) May 2, 2005
The information provided here is consistent with the security functional claims made in the Security Target
Xerox Security Bulletin XRX04-007 (PDF, 101KB) August 31, 2004
Vulnerability in the Xerox MicroServer Web Server could cause a denial of service > Download Software Update (zip archive, 2.1 MB)
Xerox Security Bulletin XRX04-006 (PDF, 103KB) August 31, 2004
Vulnerability in the ESS/Network Controller could cause Immediate Image Overwrite to fail in a specific instance with no indication after an unexpected power loss > Download Software Update (zip archive, 613 KB)
Xerox Security Bulletin XRX04-005 (PDF, 65KB) June 7, 2005
Vulnerability in the ESS/Network Controller could potentially permit unauthorized access > Download Software Update (zip archive, 8.7 MB)
Xerox Security Bulletin XRX04-004 (PDF, 99KB) June 24, 2004
Vulnerability in the ESS/Network Controller could cause a denial of service > Download Software Update (zip archive, 27 MB)
Xerox Security Bulletin XRX04-003 (PDF, 146KB) April 14, 2004
WorkCentre Multifunction Devices (MFD) PostScript directory traversal patch > Download Software Update (zip archive, 6 MB)
Xerox Security Bulletin XRX04-002 (PDF, 116KB) March 10, 2004
Xerox MicroServer Web Server Vulnerability > Download Software Update (zip archive, 28 MB)