1. 云图网首页
  2. 技术专区
  3. 智能运维

How To Fix The 16 New LPE And ACE Vulnerabilities In HP BIOS

智能运维

Binarly, a well-known firmware security specialist, disclosed 16new LPE (Local Privilege escalation) and ACT (Arbitrary code execution) vulnerabilities in HP BIOS. All these vulnerabilities are considered high in severity since they have got a score from 7.5 to 8.8. Owners of HP devices should pay attention to These vulnerabilities. Since these vulnerabilities affect multiple HP products, including laptops, desktops, point-of-sale systems, and edge computing nodes, let’s see How to Fix the 16 New LPE and ACE Vulnerabilities in HP BIOS in this post.

Summary Of The 16 New LPE And ECE Vulnerabilities In HP BIOS:

3 out of 16 vulnerabilities could be used to carry out Local Privilege escalation, and the remaining 13 vulnerabilities could be abused to perform arbitrary code injection attacks on the vulnerable devices.

These vulnerabilities in HP BIOS let attackers not just Implant persistent malware programs that survive operating system updates and re-installations but are also capable of bypassing UEFI Secure Boot, Intel Boot Guard, virtualization-based security, and endpoint security systems. Check out the page for more technical details.

CVE ID BINARLY ID Description CVSS Score
CVE-2021-39297 BRLY-2021-003 DXE stack buffer overflow (arbitrary code execution) 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39298 BRLY-2021-004 SMM callout (privilege escalation) 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39299 BRLY-2021-005 DXE stack buffer overflow (arbitrary code execution) 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39300 BRLY-2021-006 DXE stack overflow vulnerability (arbitrary code execution) 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39301 BRLY-2021-007 DXE stack overflow (arbitrary code execution) 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23924 BRLY-2021-032 SMM heap buffer overflow (arbitrary code execution) 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
CVE-2022-23925 BRLY-2021-033 SMM memory corruption (arbitrary code execution) 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
CVE-2022-23926 BRLY-2021-034 SMM memory corruption (arbitrary code execution) 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23927 BRLY-2021-035 SMM memory corruption (arbitrary code execution) 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
CVE-2022-23928 BRLY-2021-036 SMM memory corruption (arbitrary code execution) 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
CVE-2022-23929 BRLY-2021-037 SMM memory corruption (arbitrary code execution) 7.2 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
CVE-2022-23930 BRLY-2021-038 SMM memory corruption (arbitrary code execution) 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
CVE-2022-23931 BRLY-2021-039 SMM memory corruption (arbitrary code execution) 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
CVE-2022-23932 BRLY-2021-040 SMM callout (privilege escalation) 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23933 BRLY-2021-041 SMM callout (privilege escalation) 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23934 BRLY-2021-042 SMM memory corruption (arbitrary code execution) 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

Devices Vulnerable To These Vulnerabilities:

There are multiple devices affected by these 16 new LPE and ACE vulnerabilities, such as laptops, desktops, point-of-sale systems, and edge computing nodes. The Vendor said it had identified affected platforms and corresponding SoftPaqs that fixed the first five vulnerabilities in the above list. HP has not concluded the list of devices affected for the remaining eleven vulnerabilities. See the updates here for more information.

How To Fix The 16 New LPE And ACE Vulnerabilities In HP BIOS?

The best solution to cope with security vulnerabilities is to keep your system up to date with the latest firmware and software.

Time needed: 30 minutes.

How to Upgrade BIOS in HP Devices?

BIOS can be upgraded in four different ways. However, Upgrading the BIOS manually from Windows is the simplest and safe way. Please refer to this KB to know about the remaining procedure.

1. Update the BIOS using HP Image Assistant
2. Update the BIOS from within the BIOS
3. Update the BIOS manually from within Windows
3. Update the BIOS manually from a USB flash drive (outside of Windows)

  1. Collect the Product Name, Product Number, Processor Name, and System BIOS.

    You can capture this information either from the HP System Utility or from Windows System Information.

    To open HP System Utility: Press the fn and esc keys to open the HP System Information utility.
    To Open Windows System Information: Type System Information in the taskbar search and hit the Enter key.Collect the Product Name, Product Number, Processor Name, and System BIOS

  2. Prepare your system for the BIOS upgrade.

    1. Connect the Power card in the case of Laptops.
    2. Close all the applications. No applications are supposed to be running during the BIOS update.
    3. Disable the Anti-Virus, system security, and any other security application temporarily. In Windows, search for and open Security and Maintenance settings, and then click Security to access virus protection settings.
    4. Disable BitLocker temporarily. In Windows, search for and open Manage Bitlocker. Click Suspend protection, and then click Yes.

    Turn-off BitLocker in Windows

  3. Download the BIOS update.

    1. Open the HP Software and Driver Downloads page on your browser.
    2. Choose your product. Or Let the tool auto-analyze your product.
    3. Select BIOS and check for any available BIOS updates. Click Download. Note: If you don’t see BIOS updates, that means no updates are available for your product.

  4. Execute the BIOS update file.

    Browse the file that you have downloaded. Execute it with a double-click on it.
    Click Yes on the User Account Control screen.

    Execute the BIOS update file

  5. Click Next in the Installation Window.

    Click Next in the Installation Window

  6. Accept the License Agreement.

    Select I accept the terms in the license agreement, and then click Next.

    Accept the License Agreement

  7. Click Next on the HP BIOS Update and Recovery window.

    Click Next on the HP BIOS Update and Recovery window

  8. Select Update, and then click Next.

    Select Update in the BIOS Update and Recovery window

  9. Restart after update.

    Click Restart Now to install the update.

    Click Restart Now to install the update

  10. Initiate BIOS update.

    Click Apply Update Now on the HP BIOS Update window.

    Initiate BIOS update

  11. Waite until the update process gets completed.

    Waite until the update process gets completed

  12. Complete the BIOS update process and restart the computer.

    Complete the BIOS update process and restart the computer

  13. This completes the BIOS update process.

    This completes the BIOS update process

We hope this post will help you know How to Fix the 16 New LPE and ACE Vulnerabilities in HP BIOS. Thanks for reading this threat post. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this. 

原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/270173.html

(0)
0
上一篇 2022年6月24日
下一篇 2022年6月24日

相关推荐

发表回复

登录后才能评论