One month after Black Hat disclosure, HP's enterprise kit still unpatched
2022-09-13 08:30

Multiple high-severity firmware bugs in HP enterprise computers remain unpatched, some more than a year after Binarly security researchers disclosed the vulnerabilities to HP and then discussed them at the Black Hat security conference last month.

HP is "aware of potential SMM vulnerabilities reported by Binarly," according to a spokesperson, who directed The Register to a security alert from March that addressed one of the bugs.

"Security is always a top priority for HP and we appreciate Binarly's contributions to help make HP products more secure," the spokesperson said in an emailed statement.

"We encourage all customers to keep their systems updated with the latest software, drivers, and firmware to help protect against vulnerabilities."

Binarly CEO and co-founder Alex Matrosov said his team disclosed the vulnerabilities to HP in July 2021 and April 2022 before discussing the bugs in a Black Hat talk last month and then posting a blog about them last week.

In the blog, the Binarly security researchers detail six arbitrary code execution vulnerabilities caused by memory corruption problems in System Management Mode (SMM).


News URL

https://go.theregister.com/feed/www.theregister.com/2022/09/13/firmware_bugs_hp/