What does not help, HP - and also other such companies - made it rather complicated to get in touch with them. I am becoming tired when I even think of going through the usual nonsense of raising a case and getting its number assigned prior to giving them a call. And, my experience with Support staff was not very enlightening either.

Although it is a "user-to-user" forum:

1. HP bods peruse its content regularly.

2. Leaving such rotten apples unattended definitely is not (or: should not) be in HP's interest. It's bad publicity after all - and based on concrete evidence

Unfortunately HP has not yet posted a fix for my model (it turns out to be a HP Pavilion 15-au028ca.)

It is listed but the link (ftp://ftp.hp.com/pub/softpaq/sp82001-82500/SP82271.exe) gives me the Error: 550 Failed to change directory.

Dissapointed in the failure of HP to resolve this issue in a timely manner, in their poor communication regarding this vulnerability and especially in the confusing webpage they provide for the "Fixes".

The link you were given is dud - which is also quite telling (I assume this is how it's shown on this 'security bulletin')!

Try this:

https://ftp.hp.com/pub/softpaq/sp82001-82500/sp82271.html

https://ftp.hp.com/pub/softpaq/sp82001-82500/sp82271.exe

> Unfortunately HP, has not yet posted a fix for my model:  HP Pavilion 15-au028ca

Your computer's specifications:

 https://support.hp.com/hk-en/product/hp-pavilion-15-au000-notebook-pc-series/10862158/document/c0518...

> It is listed but the link:  ftp://ftp.hp.com/pub/softpaq/sp82001-82500/SP82271.exe 

Change 'SP' to 'sp', and the hyperlink will work.  Sigh.

See: ftp://ftp.hp.com/pub/softpaq/sp82001-82500/sp82271.html

which lists:

HP Pavilion Power 15 Laptop
HP Pavilion 15 Notebook PC

as models remediated by the update.

It's these pesky customers again, no?

But why do they need to know that filenames can be case-sensitive? It's so '80s, isn't it?

More importantly: Why HP supplies untidy links in their official documents?

Etc.

>  But why do they need to know that filenames can be case-sensitive? It's so '80s, isn't it?

The UNIX operating system, and all the LINUX variants, have case-sensitive file-naming conventions.

For years, Windows had '8.3' file-naming conventions, e.g., 'foundati.txt', instead of 'foundation.txt'.

FTP-servers, mostly being UNIX-based, enforce those conventions.

Unfortunately, it's too late to do anything about it -- it is what it is.

> More importantly: Why [does] HP supplies untidy links in their official documents?

Blame the curriculum of the current K-12 school-system, which does not teach cursive penmanship, and does not enforce proper spelling & grammar, for producing sub-optimal "technical writers".

 What model of HP computer do you have?  Have you remediated it?

From: ftp://ftp.hp.com/pub/softpaq/sp82001-82500/sp82271.html

TITLE: HP Consumer Desktop / Notebook PC ME Firmware Update

VERSION: 1.00 REV: A PASS: 1
DESCRIPTION:  This package provides an update to HP Consumer Desktop / Notebook PC for supported models running a supported operating system.

PURPOSE: Critical
SOFTPAQ FILE NAME: SP82271.exe
EFFECTIVE DATE: October 17, 2017
CATEGORY: Driver-Chipset

PRODUCT TYPE(S):  Desktops;Workstations;Consumer Desktops;Notebooks

HARDWARE PRODUCT MODEL(S):

[snip]

OMEN by HP 880-0xx Desktop PC
OMEN by HP 880-1xx Desktop PC

[snip]

The OMEN by HP 870 is not listed.

From: http://www8.hp.com/us/en/intelmanageabilityissue.html

A security vulnerability has been discovered in Intel’s manageability firmware that impacts all Intel OEMs.

This vulnerability is a security flaw that originated in the development and deployment of Intel's Manageability firmware.

The vulnerability affects some of HP’s commercial PCs, and some HP workstations, thin clients, and retail point of sale products.

HP’s consumer PC’s are not impacted.

So, it seems that there NEVER will be an update for the OMEN 870 -- not required.

Dear mdklassen

You are undoubtedly one of these guys who know better. This sadly has a rather blinding and unfortunate impact on your judgment, and ability to read with comprehension, the proofs of it being in this thread.

First of all: Why do you stubbornly quote some and unrelated old advisory note? We're talking about different issue - and I pointed it out to you twice in this or any other similar threads here.

(and I can quote exact posts reference if you wish)

Please therefore refrain confusing others by giving wrong information.

Secondly, can you therefore open the below link and spend some time reading it?

https://support.hp.com/us-en/document/c05843704

Please note that my system is shown there.

Thirdly and lastly, I think know better what small piece of software released by Intel for this very purpose shows me exactly (system vulnerable).

TLDR.

From:  https://support.hp.com/us-en/document/c05843704

(updated November 30, 2017):

OMEN by HP 870-2xx -- TBD

OMEN by HP 870-xxx Desktop PC -- TBD

You are missing the point -- there is a contradiction between what HP has written and what Intel has written.

Nobody on this forum can officially speak for HP, nor for Intel.

Please remember the "Rules of Participation", and keep your comments positive.

https://h30434.www3.hp.com/t5/custom/page/page-id/hp.rulespage

OK?