1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Serious vulnerabilities in HP devices left unpatched for months o

    From TechnologyDaily@1337:1/100 to All on Mon Sep 12 15:30:04 2022
    Serious vulnerabilities in HP devices left unpatched for months on end

    Date:
    Mon, 12 Sep 2022 14:12:45 +0000

    Description:
    Flaws allowing for arbitrary code execution found on multiple HP models.

    FULL STORY ======================================================================

    Multiple high-severity vulnerabilities affecting a number of HP business notebooks , business desktop PCs , point of sale systems, and workstations , have been sitting unpatched for months on end, researchers have warned.

    This could mean countless HP users are at risk of having their endpoints broken, their files stolen, or their digital accounts compromised, as all of the flaws found allow for arbitrary code execution.

    Whats more, as the flaws are in the firmware, they can persist even after reinstalling the operating system, experts have warned. Partial fix

    According to Binarly, the company found a total of six vulnerabilities -
    three in July 2021 and three more in April 2022, all of which are System Management Module (SMM) memory corruption vulnerabilities.

    The flaws are tracked as CVE-2022-23930 (8.2), CVE-2022-31644 (7.5), CVE-2022-31645 (8.2), CVE-2022-31646 (8.2), CVE-2022-31640 (7.5), and CVE-2022-31641 (7.5).

    Since the disclosure, HP has published three security advisories for three of the flaws, and pushed three BIOS updates, fixing the flaws on some of the models.

    However, the company has failed to release any patches for the devices in Elite, Zbook, or ProBook series, as well as for ProDesk, EliteDesk, and
    ProOne series. HP workstations, including Z1, Z2, Z4, and Zcentral, are also still vulnerable to the flaws. Read more

    HP's most annoying bloatware has a serious security flaw


    Your HP printer could be facing the risk of a serious cyberattack


    Best cloud backup right now

    Even though Binarly warned of the potential risk associated with not having patches for these flaws, the company did stress the difficulties that come with fixing vulnerabilities for a single vendor.

    As a result of the complexity of the firmware supply chain, there are gaps that are difficult to close on the manufacturing end since it involves issues beyond the control of the device vendors, it said in its report.

    TechRadar Pro has reached out to HP for a comment on when it plans on releasing fixes for the affected devices, and will update the article if we receive a reply. These are the best patch management software options around right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/serious-vulnerabilities-in-hp-devices-left-unpa tched-for-months-on-end/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)