HP Releases BIOS Update for 200+ Laptop & PC Models to Correct Huge Security Flaw!
Mike Sanders / 3 years ago
Attention folks! Do you own an HP tech item such as a PC or laptop? If the answer is yes, or you know someone who does, then you might want to pay attention. Following an official post on its website, HP has confirmed the release of a new BIOS update that looks to correct a huge security flaw recently discovered in over 200 of its PC and (predominantly, we suspect) laptop products!
HP BIOS Update Looks to Fix Huge Security Flaw in 200+ Products!
The security flaw was originally identified on HP products around 6-8 months ago by Nicholas Starke (an independent security researcher). Although details on how the flaw can be exploited have clearly not been posted online, the overall issue resided in a backdoor that allowed the BIOS to be accessed, and from this, malware could be installed/executed, a method which would completely prevent it from being detected by anti-virus products. And yes, I strongly suspect that this is probably something to do with the HP software (bloatware) they pre-package with systems.
Itemised as ‘CVE-2021-3808’ and ‘CVE-2021-3809’, these have been classified with a score of 8.8 on the Common Vulnerability Scoring System Version 3.1 (CVSS 3.1) scale. This means that, in the grand scheme of things, this is about as close to being as serious and dangerous a security flaw as it can get!
I’ve been working on a vulnerability for six months and the advisory was just made public yesterday. I was not credited anywhere, despite being told by @HP that I would be credited. Here is my blog post with the technical details: https://t.co/RzmXbLeN5Z (PSR-2021-0177 is mine)
— nicholas starke (@nstarke) May 11, 2022
What Should I Do?
The advice in this regard is pretty clear. If you own any description of HP laptop or PC system, you are strongly advised (borderline compelled, in fact) to visit the official HP website and, if applicable to your system, install the new BIOS updates as soon as possible. And given that this is a known issue on over 200 products, don’t be fooled into thinking that this probably doesn’t apply to you. In something which we’ll admit is against the usual run of things, any relatively recent HP tech owner (within the last 8 years) is more likely to be affected by this security flaw than not!
Admittedly, no, the chances that someone would ever access your system and exploit this flaw are pretty slim. At the same time though, if you use your HP device for highly important work, such as online banking, is this a risk you’d really want to take? Take the 20 minutes and get the update (and more information) via the link here!