*Does not support XP systems that have set the BIOS setup password.
Not all of them have received the updates yet.This package provides the HP BIOS Configuration Utility (BCU) for supported notebook, desktop, and workstation models that are running a supported operating system. You can see the complete list of affected HP devices and the corresponding SoftPaqs here. The extensive list of devices affected by the vulnerabilities includes business notebook PCs such as the Elite Dragonfly and several EliteBooks and ProBooks business desktop PCs, including the EliteDesk and EliteOne retail point-of-sale PCs like the Engage desktop workstation PCs (Z1, Z2 lines) and four thin client PCs. One of the affected devices: the HP Elite Dragonfly Starke added that there are mitigations in some HP models that would need to be bypassed for the vulnerabilities to work, including HP Sure Start system, which detects when the firmware runtime has been tampered with. "Executing in SMM gives an attacker full privileges over the host to further carry out attacks."
"This vulnerability could allow an attacker executing with kernel-level privileges (CPL = 0) to escalate privileges to System Management Mode (SMM)," Starke wrote. Here is my blog post with the technical details: (PSR-2021-0177 is mine) I was not credited anywhere, despite being told by that I would be credited. I've been working on a vulnerability for six months and the advisory was just made public yesterday.
That was left to security researcher Nicholas Starke, who discovered them but has not been credited by HP despite being told they would be. HP hasn't revealed any technical details about the vulnerabilities. The company has just released updates for more than 200 device models that fix two high-severity vulnerabilities in the UEFI Firmware.Īs reported by Bleeping Computer, HP has issued an advisory over potential security vulnerabilities that could allow arbitrary code execution with Kernel privileges, which would enable hackers to access to a device's BIOS and plant malware that can't be removed by traditional antivirus software or reinstalling the operating system.īoth the vulnerabilities-CVE-2021-3808 and CVE-2021-3809-have a high-severity CVSS 3.1 base score of 8.8. In brief: Do you own an HP laptop, desktop, or PoS PC? Then you might want to ensure its BIOS is up to date.
0 kommentar(er)
