HP Fixes Flaws Affecting Multiple PC And Notebook Products

Share post:

HP’s BIOS updates will address two high-severity flaws affecting multiple PC and notebook products. The flaws tracked as CVE-2021-3808 and CVE-2021-3809 both have a CVSS 3.1 base score of 8.8.

The vulnerabilities allow code to run with Kernel-level privileges giving threat actors the access to overwrite firmware in more than 200 models.

Affected products include business notebooks like Zbook Studio, ZHAN Pro, EliteBook, ProBook, and Elite Dragonfly, business desktop PCs like the EliteDesk and ProDesk, and retail PoS computers like the Engage, workstations like the Z1 and Z2, and thin client PCs.

Once the attacker locates the memory address of the “LocateProtocol” function and overwrites it with malicious code, the attacker can then trigger code execution by instructing the SMI handler to execute.

The goal of this type of attack is to overwrite the UEFI Implementation (BIOS) of the machine with attacker-controlled BIOS images. By doing this, an attacker can plane persistent malware that cannot be removed by antivirus tools, and not even with OS reinstalls.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for Friday, December 8, 2023

This episode features discussion on cyber attacks against OT networks, the discovery of exposed servers with medical images and  why outdated Microsoft Exchange servers are s

Canadian mid-sized firms pay an average $1.13 million to ransomware gangs

Survey for Palo Alto Networks also shows fewer firms willing to pay da

Cyber Security Today, Dec. 8, 2023 – Ransomware is increasingly impacting OT systems, and more

This episode reports on how hackers break into AWS cloud instances, fake anti-Ukraine online ads  using photos of celebrities

Canadian privacy czars release principles for responsible development of AI

The principles remind AI developers they have to follow Canadian data pr

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways