HP Pushes BIOS Updates to Fix High-Risk Vulnerabilities Affecting More Than 200 Computer Models


Do you own an HP laptop, desktop or POS PC? Then you may need to make sure that its BIOS is up to date. The company has just released updates for more than 200 device models, fixing two high-severity vulnerabilities in UEFI firmware. According to BleepingComputer, HP has warned about potential security vulnerabilities that may allow the execution of arbitrary code with kernel privileges, which would enable attackers to reach the device BIOS and implant malware that cannot be removed by traditional antivirus software or by reinstalling the operating system.

Both vulnerabilities, CVE-2021-3808 and CVE-2021-3809, have a CVSS 3.1 base score of 8.8, which is rated high severity.

HP did not disclose any technical details about these vulnerabilities. That was left to security researcher Nicholas Starke, who discovered them.

"This vulnerability may allow an attacker to execute with kernel level privileges (CPL == 0) and elevate the privileges to system management mode (SMM). By performing operations in SMM mode, the attacker can gain full privileges on the host and carry out further attacks," Starke wrote.

Starke added that on some HP models, certain mitigations would have to be bypassed for the vulnerability to be exploitable, including HP Sure Start, which can detect tampering with the firmware at runtime.

The range of affected devices is broad. It includes business laptops such as the Elite Dragonfly, EliteBooks and ProBooks; business desktops, including EliteDesk and EliteOne; retail point-of-sale computers such as Engage; desktop workstations (Z1 and Z2 series); and four thin client PCs.

You can see the complete list of HP devices affected and corresponding SoftPaqs here. Not all devices have been updated:

https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788
