September 30, 2023

Researchers has disclosed six high severity firmware vulnerabilities affecting HP EliteBook devices.

A firmware implant is the final goal and the attacker can install the malicious implant on different levels of the firmware, either as a modified legitimate module or a standalone driver.

Advertisements

The impact of targeting unprivileged non–system management mode driver execution environment runtime drivers or applications by a threat actor is often underestimated, and this type of malicious DXE driver can bypass Secure Boot and influence additional boot stages.

Some HP enterprise devices including both laptops and desktops have still not received updates to patch the aforementioned vulnerabilities, despite them being publicly disclosed for over a month.

The FwHunt rules for the HP vulnerabilities discussed in its latest advisory has been placed in the Github repository.

Advertisements

These rules are being pushed to the Linux Vendor Firmware Service (LVFS) to enhance the supply chain security and awareness in enterprise environments worldwide.

This advisory was documented by researchers from Binarly.

Tags:

Leave a Reply

You may have missed

Progress issues Patches for Critical WS_FTP Flaws

September 29, 2023

NIST Releases SP 800-82r3 guide for OT

September 29, 2023

Cisco Semi-annual Security Advisory Summary

September 29, 2023

BlackTech Havoc’s Organizations with Cisco Router Bug

September 29, 2023

Google fixes fifth Zeroday bug in Chrome

September 28, 2023

OpenSea NFT suffers a Breach

September 28, 2023
%d bloggers like this: