HP has released a BIOS update that fixes two high-severity vulnerabilities. These vulnerabilities allow attackers to execute arbitrary code with kernel privileges, including installing malicious drivers or even a malicious BIOS, which persists even after the operating system is reinstalled. The vulnerabilities affect more than 200 HP notebook and desktop PC models, as well as workstations and point-of-sale systems. Everyone should update as soon as possible.
According to HP’s customer support website, the company found potential security vulnerabilities in the BIOS (UEFI firmware), tracked as CVE-2021-3808 and CVE-2021-3809, and listed all affected models. These include the Elite Dragonfly, Elite x2, EliteBook and ProBook notebook series; affected desktop computers include the Elite Slice, EliteDesk, EliteOne and ProDesk series.
According to Nicholas Starke, the security expert who discovered the flaws, they could allow an attacker to execute code with kernel-level privileges and escalate to System Management Mode (SMM). This would allow the attacker to gain control of the entire computer in order to carry out further attacks, overwrite the BIOS, and implant persistent malware that cannot be removed by anti-virus software or by reinstalling the system.
You can look up your computer's model on the official support page and download the relevant SoftPaq executable to install the fix for these vulnerabilities. Don’t download it from unknown sources. At the time of writing, fixes for some models are still in development.