Researchers have disclosed six high-severity firmware vulnerabilities affecting HP EliteBook devices.
A firmware implant is the attacker's final goal, and the malicious implant can be installed at different levels of the firmware, either as a modified legitimate module or as a standalone driver.
The impact of a threat actor targeting unprivileged, non-SMM (System Management Mode) DXE (Driver Execution Environment) runtime drivers or applications is often underestimated; a malicious DXE driver of this type can bypass Secure Boot and influence additional boot stages.
Some HP enterprise devices, including both laptops and desktops, have still not received updates to patch the aforementioned vulnerabilities, despite the vulnerabilities having been publicly disclosed for over a month.
The FwHunt rules for the HP vulnerabilities discussed in the latest advisory have been placed in the GitHub repository.
These rules are being pushed to the Linux Vendor Firmware Service (LVFS) to enhance supply chain security and awareness in enterprise environments worldwide.
This advisory was documented by researchers from Binarly.