Researchers have issued a warning that multiple high-severity vulnerabilities affect a number of HP business notebooks (opens in new tab), business desktop PCs (opens in new tab), point of sale systems (opens in new tab), and workstations (opens in new tab) have been sitting unpatched for months on end.
Because each of the vulnerabilities that were discovered makes it possible for arbitrary code to be executed, this might mean that a large number of HP users are at danger of having their endpoints breached, their files stolen, or their digital accounts compromised.
Experts have cautioned that because the vulnerabilities are present in the firmware, they may continue to exist even after the operating system has been reinstalled.
According to Binarly, the company discovered a total of six vulnerabilities: three in July 2021 and three more in April 2022. These vulnerabilities are all related to System Management Module (SMM) memory corruption, and the first three were discovered in July 2021.
CVE-2022-23930 (8.2), CVE-2022-31644 (7.5), CVE-2022-31645 (8.2), CVE-2022-31646 (8.2), CVE-2022-31640 (7.5), and CVE-2022-31641 (8.2) are the identifiers for the vulnerabilities (7.5).
Since the vulnerability was made public, HP has released three security warnings covering three of the weaknesses, as well as three upgrades to the corresponding BIOS, which resolve the vulnerabilities on some of the models.
online pharmacy lexapro over the counter best drugstore for you
The business, however, has not distributed any fixes for the computers that are part of the Elite, Zbook, or ProBook series.
online pharmacy trazodone over the counter best drugstore for you
The same is true for the ProDesk, EliteDesk, and ProOne series. The issues can potentially affect HP workstations like Z1, Z2, Z4, and Zcentral. These workstations are still susceptible.
online pharmacy clomiphene over the counter best drugstore for you
In spite of the fact that Binarly cautioned of the possible dangers that could arise from a lack of updates for these vulnerabilities, the business emphasized the challenges that are inherent in addressing vulnerabilities for a single vendor.
According to the company’s study, “There are gaps that are difficult to fix on the manufacturing end since it entails difficulties that are beyond the control of the device manufacturers.” This was stated as a consequence of the complexity of the firmware supply chain.
TechRadar Pro has contacted HP to request a comment on when the company intends to release updates for the impacted devices. If and when we hear back from HP, we will update this story with the information.