Those affected include HP EliteBook, EliteDesk, and Dragonfly models.
HP has issued a series of security updates to address a number of potentially significant security problems that affect a large number of its computer devices.
The flaws, which were first discovered in November 2021, affect some of HP’s most prominent brands, including EliteBook notebooks, EliteDesk desktops, and Z1 and Z2 workstations.
The weaknesses, which are tracked as CVE-2021-3808 and CVE-2021-3809 and have a high severity rating, might have allowed hackers to get access to victim devices and run malware with kernel privileges, potentially allowing them to execute any command at the kernel level.
Concerns about HP security
HP stated in a security advisory posted on its website that “The BIOS (UEFI Firmware) for certain HP PC models has been detected as having potential security flaws that could allow arbitrary code execution. To address these potential flaws, HP is distributing firmware updates.”
The company did not go into specific technical details about the problems, but advised customers to download and update as soon as possible.
However, Nicholas Starke, the researcher who first discovered the flaws, went into greater detail about the possible consequences of the flaws.
“An attacker with kernel-level privileges (CPL == 0) might use this issue to escalate privileges to System Management Mode (SMM).” In a blog post, Starke stated that “executing in SMM provides an attacker full access over the host, allowing them to carry out further assaults.”
He described how a susceptible SMI handler can be triggered via the Windows kernel driver, with attackers able to execute remote code after locating the memory address of the “LocateProtocol” function and overwriting it with malicious code.
They could then install malware that could not be removed by antivirus platforms or an OS reinstall.
Some HP models may withstand such attacks, according to Starke, with the company’s HP Sure Start software detecting such interference and shutting down the host and prompting users to allow a system boot.
The disclosure comes just days after HP released updates for four critical vulnerabilities that could lead to remote code execution, data theft, or a denial of service in hundreds of its printers.