HP has released a BIOS update to close a security risk, present in more than 200 of its computer models, that allows malicious code to be executed at the kernel level. With this kind of vulnerability, a hacker can get into the computer's BIOS and plant malware there. This type of malware cannot be removed by normal antivirus software or by completely reinstalling the operating system.
The risk is rated high severity, with a score of 8.8. The vulnerabilities are tracked as CVE-2021-3808 and CVE-2021-3809. HP has not yet disclosed their technical details. They were discovered by security researcher Nicholas Starke. By exploiting them, a hacker can gain access to System Management Mode (SMM) from the kernel level and launch attacks. An attacker with this SMM access can fully control the device.
Devices with this weakness include business notebook PCs such as the Elite Dragonfly and some EliteBook and ProBook models. Several business desktop PCs, such as the EliteDesk and EliteOne, are also included, as are desktop workstation PC models. The complete list of affected devices is available on the HP website; not all of the devices may have received the BIOS update yet.