HP has released a series of updates to address a number of potentially serious security flaws affecting a large number of its computing devices.
Initially detected in November 2021, the flaws affect some of HP's most popular product lines, including EliteBook notebooks, EliteDesk desktops and its Z1 and Z2 workstations.
The flaws, tracked as CVE-2021-3808 and CVE-2021-3809 and given a high severity score, could have allowed attackers to gain access to target devices and run code with kernel privileges, potentially allowing them to execute any command at kernel level.
HP security concerns
In a security advisory published on its website, HP said that “potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities”.
The company didn't go into any specific technical details regarding the issues, but is urging customers to download and update immediately.
However, Nicholas Starke, the researcher who first discovered the flaws, outlined the potential consequences of the issues in a bit more depth.
“This vulnerability could allow an attacker executing with kernel-level privileges (CPL == 0) to escalate privileges to System Management Mode (SMM). Executing in SMM gives an attacker full privileges over the host to further carry out attacks,” Starke said in a blog post.
He outlined how a vulnerable SMI handler can be triggered from the Windows kernel driver, with attackers able to cause remote code execution after locating the memory address of the “LocateProtocol” function and overwriting it with malicious code.
They could then install malware that would be unremovable, even with antivirus tools or an OS reinstall.
Some HP models are able to resist these attacks, Starke added, with the company's HP Sure Start software able to detect this kind of tampering, shutting down the host and prompting users to approve a system boot.
The news comes after HP issued patches for four dangerous vulnerabilities affecting hundreds of its printers that could lead to remote code execution, information theft, or denial of service.
Via BleepingComputer