Lexmark confirmed this week that many of its printer models have security vulnerabilities, some of which are rated critical. The company has released seven security advisories for Lexmark devices. Successful exploitation of the vulnerabilities can result in remote code execution on a device. Updates are available for affected devices.
All security advisories have been published on March 10, 2023. Hundreds of printers are affected, including Lexmark MC3224, Lexmark B2338, Lexmark CX930 and Lexmark XC9335.
Lexmark notes that it is "not aware of any malicious use against Lexmark products" at the time of publication of the seven security advisories. The vulnerabilities have been reported to Lexmark by Trend Micro's Zero Day Initiative.
Some Lexmark devices have Internet connectivity. These may check for and upgrade firmware directly from the embedded web server. To access the web interface, load the IP address of the printer in a web browser. Select Device > Update Firmware then, and then Check for Updates. If an update is available, click "I agree, start update", to download and install it on the device.
Lexmark customers may also download updated firmware manually and install it on the printer to resolve the issue. The best starting point is to use
Lexmark's official drivers & downloads support page to search for updates for a particular printer model.
Look for the most recent firmware for the printer in question and download it to the local system. Note that the file size may be several hundred megabytes.
It is recommended to check the security advisories linked above to make sure that the listed firmware on Lexmark's download website fixes the listed vulnerabilities.
Lexmark's firmware
update instructions support page offers instructions on how to update the firmware of company devices.
