March 29, 2023

Researchers has disclosed six high severity firmware vulnerabilities affecting HP EliteBook devices.

A firmware implant is the final goal and the attacker can install the malicious implant on different levels of the firmware, either as a modified legitimate module or a standalone driver.

Advertisements

The impact of targeting unprivileged non–system management mode driver execution environment runtime drivers or applications by a threat actor is often underestimated, and this type of malicious DXE driver can bypass Secure Boot and influence additional boot stages.

Some HP enterprise devices including both laptops and desktops have still not received updates to patch the aforementioned vulnerabilities, despite them being publicly disclosed for over a month.

The FwHunt rules for the HP vulnerabilities discussed in its latest advisory has been placed in the Github repository.

Advertisements

These rules are being pushed to the Linux Vendor Firmware Service (LVFS) to enhance the supply chain security and awareness in enterprise environments worldwide.

This advisory was documented by researchers from Binarly.

Tags:

Leave a Reply

You may have missed

Apple Backports ZeroDay Patches for older devices

Apple Backports ZeroDay Patches for older devices

March 28, 2023
Apache Fineract Vulnerabilities

Apache Fineract Vulnerabilities

March 28, 2023
IceID Malware Shifting Focus to Ransomwares

IceID Malware Shifting Focus to Ransomwares

March 28, 2023
Sun Pharma suffers a Security Incident

Sun Pharma suffers a Security Incident

March 28, 2023
Twitter Source Code Leak on Git

Twitter Source Code Leak on Git

March 27, 2023
Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
%d bloggers like this: