Information about the Impact of Meltdown / Spectre vulnerability on our multifunction devices and printers

US-CERT published information about Meltdown / Spectre (CVE-2017-5754/5715/5753) as vulnerability existing in microprocessors.

US-CERT: Meltdown and Spectre Side-Channel Vulnerabilities
https://www.us-cert.gov/ncas/current-activity/2018/01/03/Meltdown-and-Spectre-Side-Channel-Vulnerabilities

However, we have confirmed that our multifunction devices and printers are not affected by this vulnerability described as follows; therefore, you can use them without the risk as leakage of information from them:

• Our multifunction devices and printers are designed so that programs except legitimate firmware cannot be installed. Therefore, this vulnerability cannot be used to run malicious programs.
• The installation of Add-on Application for our multifunction devices is restricted to the machine administrator. Therefore, it cannot be installed by a third party. In addition, setting signature verification function valid assures to block installation of unauthorized programs.

Please note that we are confirming the impact of this vulnerability on our production printers (print servers).

We would like to inform you about the influence range and the status of response on our production printers (print servers) as follows:

– Continuous Feed Printers

• We have confirmed that they are not affected by this vulnerability and you can use them with confidence.

– PX Print Server Series

• We have verified that the PX Print Servers are not affected noticeably by OS patch(es).

– GX Print Server Series

• We have verified that the GX Print Servers are not affected noticeably by OS patch(es).

– EFI^® EX Print Server Series

• We are checking the effect of this vulnerability, please refer to the following site.
  https://security.business.xerox.com/en-us/news/potential-vulnerability-affects-intel-processors/

– FreeFlow Print Server Series

• We are waiting for measures from the vendor.