Researchers at Binarly have discovered 16 high-impact UEFI firmware vulnerabilities affecting multiple HP models, including laptops, desktop computers, PoS systems, and edge computing nodes.
The vulnerabilities could enable hackers to infect devices with malware able to obtain high privileges and avoid detection by installed security software.
The flaws were divided into three categories: SMM Callout (Privilege Escalation), SSM (System Management Module), and DXE (Driver eXecution Environment).
The researchers said, "The active exploitation of all the discovered vulnerabilities can't be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement."
Firmware updates have been made available through HP's BIOS upgrade portal.
View Full Article
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA
No entries found