• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
Seize the moment! nominate yourself or a tech enthusiast you admire & join the HP Community Experts!
Common problems for Battery
We would like to share some of the most frequently asked questions about: Battery Reports, Hold a charge, Test and Calibrating Battery . Check out this link: Is your notebook plugged in and not charging?
Locked

‎02-08-2018 01:36 PM

HP Recommended
Product: Pavilion 23
Operating System: Microsoft Windows 10 (64-bit)

I received the following email. The links are very cryptic. Is this a Phishing email or is it real? This submission form removed invalid HTML before it would post it.

 

   

Critical Security Bulletin - Jan 30 2018

 

HPSBHF03578 rev. 1 - Intel Graphics Driver - Pointer Dereference / Type Confusion in HECI Service (c...

 

Products: Laptops and Hybrids, Desktops & Workstations, Point of Sale Systems, Tablets

 

Description: HPSBHF03578 rev. 1 - Intel Graphics Driver - Pointer Dereference / Type Confusion in HECI Service

 

1 ACCEPTED SOLUTION

Accepted Solutions

‎02-10-2018 10:14 AM

HP Recommended

Hi @Bill_1944,

 

Welcome to HP Forums,

This is a great place to get support, find answers and tips,

Thank you for posting your query, I'll be more than glad to help you out 🙂

 

As I understand, you're in need of support.

Don't worry as I'll be glad to help, 

 

This is a genuine email you've received and it is the authentic website. This is the VULNERABILITY. You could refer to the summary:

 

CVE-2017-5717: The Intel® Content Protection HECI Service has a Type Confusion vulnerability which potentially can lead to a privilege escalation. The HECI service software is distributed as part of the Intel Graphics Driver and is used by the graphics driver to provide premium content playback services.

CVE-2017-5727: The Intel® Graphics Drivers for Windows Code can fail to adequately validate a pointer input. This may lead to modification of kernel memory and a potential for an escalation of privilege.

 

You need to check if your computer is listed in the list of all the computers.

 

If it is not listed, you could ignore the email.

 

If your model name is listed in the article, then HP is working to update the affected systems. Schedules for these updates will be provided via this bulletin. Impacted HP products are shown in the table below. We will update the table as softpaqs become available. Check back frequently for updates.

 

Hope this helps!

Have a great day 🙂

Cheers!

View solution in original post

Was this reply helpful? Yes No
1 REPLY 1

‎02-10-2018 10:14 AM

HP Recommended

Hi @Bill_1944,

 

Welcome to HP Forums,

This is a great place to get support, find answers and tips,

Thank you for posting your query, I'll be more than glad to help you out 🙂

 

As I understand, you're in need of support.

Don't worry as I'll be glad to help, 

 

This is a genuine email you've received and it is the authentic website. This is the VULNERABILITY. You could refer to the summary:

 

CVE-2017-5717: The Intel® Content Protection HECI Service has a Type Confusion vulnerability which potentially can lead to a privilege escalation. The HECI service software is distributed as part of the Intel Graphics Driver and is used by the graphics driver to provide premium content playback services.

CVE-2017-5727: The Intel® Graphics Drivers for Windows Code can fail to adequately validate a pointer input. This may lead to modification of kernel memory and a potential for an escalation of privilege.

 

You need to check if your computer is listed in the list of all the computers.

 

If it is not listed, you could ignore the email.

 

If your model name is listed in the article, then HP is working to update the affected systems. Schedules for these updates will be provided via this bulletin. Impacted HP products are shown in the table below. We will update the table as softpaqs become available. Check back frequently for updates.

 

Hope this helps!

Have a great day 🙂

Cheers!

Was this reply helpful? Yes No
Warning
Be alert for scammers posting fake support phone numbers and/or email addresses on the community.
If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.
Didn't find what you were looking for? Ask the community
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.