Create an account on the HP Community to personalize your profile and ask a question
03-09-2022 02:21 PM
That article states:
If you've got an HP desktop, laptop or tablet, you should check to see whether there's a BIOS/UEFI system-firmware update ready for it. Sixteen newly disclosed security flaws could let hackers implant deeply buried, undetectable malware, the company announced in a security bulletin yesterday (March 8).
and it lists which HP devices are affected, and how to remediate.
Note that Microsoft releases security updates at 10 AM Pacific on the 2nd Tuesday of each month, e.g., yesterday, March 8th. Those updates probably are NOT related to the HP Security Bulletin. But, it shows that every vendor is aware of issues, and works to offer remediation.
I hope that this was "responsible disclosure" --
- a "security-researcher" identifies a security-issue,
- they inform HP (and nobody else),
- HP reacts to verify the issue,
- HP generates an update -- documentation & software patch,
- HP announces the availability of the update,
- HP informs the security-researcher,
- the security-researcher informs the public,
- the press, e.g., "Tom's Guide", writes an article,
- everybody on the Internet goes into a "complete panic" about "yet-another" security-vulnerability that probably is not "in-the-wild" -- discovered in a laboratory, not on an infected computer.
So, please review the HP documentation.
To me, in this case, it seems like one needs an already-compromised computer that then tries to "leverage" this vulnerability. So, use "defense-in-depth" to prevent your computer from getting compromised.
03-09-2022 04:35 PM
Yes, HP Links in article do NOT identify Solutions for Windows 11 Notebooks....
The Article also identifies -
"It's not known how many HP devices are affected, but five of the flaws are already known to affect hundreds of HP business-oriented models, as the company detailed in a previous security bulletin. The identification of consumer models affected by any of these 16 flaws is still pending."
Is this a Wait & See Vulnerability waiting for a Windows 11 Solutions?
03-10-2022 02:10 AM
@PC-NoTimeLeft -- Is this a Wait & See Vulnerability waiting for a Windows 11 Solutions?
Since the vulnerability is within the BIOS/UEFI, it does not matter what operating system that is running - some variant of Linux or Windows 8/10/11.
Obviously, HP has published what they have chosen to publish, at the current time.
I expect that HP will update their Security Bulletin, to replace any "pending" wording by specific advice for specific HP computers.
I would say that this is a "keep monitoring" situation -- not exactly the same approach as "wait-and-see".
Be proactive, not reactive, if you personally think that the "threat-level" for this vulnerability is "high".
Again, if Windows 8/10/11 gets compromised, that opens the door to a possible exploit of this vulnerability. But, I think that the greater worry is that a compromised computer could harvest your personal information, and encrypt your personal files, thus leading to identity theft, and or you needing to pay a "ransom" to decrypt your files. Currently, hackers hack for their financial gain, rather than just to "tag" your computer as being "owned" by them. Of course, some hackers hack for other reasons, such as targeting Russia's military computer-systems, in a strange way to support Ukrainian citizens.
Didn't find what you were looking for? Ask the community