HP Fixes Flaws Affecting Multiple PC And Notebook Products

Share post:

HP’s BIOS updates will address two high-severity flaws affecting multiple PC and notebook products. The flaws tracked as CVE-2021-3808 and CVE-2021-3809 both have a CVSS 3.1 base score of 8.8.

The vulnerabilities allow code to run with Kernel-level privileges giving threat actors the access to overwrite firmware in more than 200 models.

Affected products include business notebooks like Zbook Studio, ZHAN Pro, EliteBook, ProBook, and Elite Dragonfly, business desktop PCs like the EliteDesk and ProDesk, and retail PoS computers like the Engage, workstations like the Z1 and Z2, and thin client PCs.

Once the attacker locates the memory address of the “LocateProtocol” function and overwrites it with malicious code, the attacker can then trigger code execution by instructing the SMI handler to execute.

The goal of this type of attack is to overwrite the UEFI Implementation (BIOS) of the machine with attacker-controlled BIOS images. By doing this, an attacker can plane persistent malware that cannot be removed by antivirus tools, and not even with OS reinstalls.

The sources for this piece include an article in BleepingComputer.


Related articles

Cyber Security Today, Week in Review for week ending Friday, June 21, 2024

Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday June...

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Target’s new AI is aimed at employees

Target is introducing a new generative artificial intelligence tool aimed at enhancing the efficiency of its store employees...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways