HP fixes bug letting attackers overwrite firmware in over 200 models

MuzzMelbourne

Level 5
Thread author
Mar 13, 2022
153
HP has released BIOS updates today to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which allow code to run with Kernel privileges.

Kernel-level privileges are the highest rights in Windows, allowing threat actors to execute any command at the Kernel level, including manipulating drivers and accessing the BIOS.

The flaws are tracked as CVE-2021-3808 and CVE-2021-3809, and both have a CVSS 3.1 base score of 8.8, giving them a high severity rating. At this time, HP has provided no technical details about these flaws.

 
  • +Reputation
  • Like
Reactions: Trooper and upnorth