cancel
Showing results for 
Search instead for 
Did you mean: 
XMP_Admin
Xerox Employee
Xerox Employee

CVE202-34527 and Workplace Cloud

In regards to CVE202-34527 and Xerox Workplace Cloud, we have reviewed the vulnerability and XWC primary workflows are not vulnerable to this issue.  This evaluation includes both our client and cloud-hosted architecture.  The issue is primarily exploitable for traditional print servers which XWC does not use to deliver the XWC service.  The vulnerability requires an authenticated user to the server executing remote procedure calls against the spooler service to gain elevated privileges to the server. 

There is one submission workflow in XWC, the “windows shared print queue” available in the XWC Agent inbound queue configuration, which is vulnerable to this security issue but is not a widely used workflow.  If a customer who is using this workflow wants to disable it until a patch is available from Microsoft they may do so, but in the meantime, printing will not be available using the workflow.  There are no workarounds for this issue and a patch must be provided from Microsoft. 

For the latest information please see the Microsoft bulletin here:  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

 

"Innovating how the world communicates, connects and works."