we were able to figure it out by digging into HP forums… Unfortunately, it doesn’t seem HP documented the new tool and how to use it.
Even if the help stated the command line to be the same, it turned out it didn’t work at all. HP released a new version called HPFirmwareUpdRec to replace it. Looking at details about the BIOS update, we noticed that the HPBIOSUPDREC.exe that was used was no longer available. Downloading drivers and BIOS updates were the usual. In something which we’ll admit is against the usual run of things, any relatively recent HP tech owner (within the last 8 years) is more likely to be affected by this security flaw than not!Īdmittedly, no, the chances that someone would ever access your system and execute this flaw is pretty slim.At a client site, they received newest HP models to be tested. – And given that this is a known issue on over 200 products, don’t be fooled into thinking that this probably doesn’t apply to you. – If you own any description of HP laptop or PC system, you are strongly advised (borderline compelled in fact) to visit the official HP website and, if applicable to your system, install the new BIOS updates as soon as possible.
The advice in this regard is pretty clear. Here is my blog post with the technical details: (PSR-2021-0177 is mine)- nicholas starke What Should I Do? I was not credited anywhere, despite being told by that I would be credited. I’ve been working on a vulnerability for six months and the advisory was just made public yesterday. This means that, in the grand scheme of things, this is about as close to being as serious and dangerous a security flaw as it can get! Itemised as ‘CVE-2021-3808’ and ‘CVE-2021-3809’, however, these have been classified with a score of 8.8 on the Common Vulnerability Scoring System Version 3.1 (CVSS 3.1) scale. – And yes, I strongly suspect that this is probably something to do with the HP software (bloatware) they pre-package with systems. A method which would completely prevent it from being detected by anti-virus products. – Although details on how the flaw can be executed have clearly not been posted online, the overall issue resided in a backdoor that allowed the BIOS to be accessed, and from this, malware could be installed/executed. The security flaw was originally identified on HP products around 6-8 months ago by Nicholas Starke (an independent security researcher). Attention folks! – Do you own an HP tech item such as a PC or laptop? If the answer is yes, or you know someone who does, then you might want to pay attention as following an official post on their website, HP has confirmed the release of a new BIOS update that looks to correct a huge security flaw recently discovered within over 200 of their PC and (predominantly we suspect) laptop products! HP BIOS Update Looks to Fix Huge Security Flaw in 200+ Products!
0 kommentar(er)
