HP / Compaq laptop owners must read
Posted: Thu Dec 20, 2007 4:45 pm
http://www.computerworld.com/action/art ... _PM&nlid=8
'Bricking' bug threatens most HP, Compaq laptops
Second bundled bug in nine days can leave laptops unbootable
The hacker who posted an exploit last week that threatened a large swath of Hewlett-Packard Co.'s laptop lineup followed up yesterday with new attack code that can "brick" nearly every HP laptop.
In a post to the milw0rm.com Web site Wednesday, a Polish security researcher who used the alias "porkythepig" spelled out a pair of vulnerabilities in an ActiveX control used by HP's Software Update, the patch management program bundled with virtually every HP- and Compaq-branded laptop.
According to porkythepig's post, the Software Update bugs let an attacker corrupt Windows' kernel files, making the laptop unbootable, or with a little more effort, allow hacks that would result in a PC hijack or malware infection. In either case, a drive-by attack could be conducted by feeding users an e-mail message with a link to a malicious Web site.
"Every HP notebook machine containing the HP Software Updates application is vulnerable," claimed porkythepig. "It is possible that the vulnerable machine model list disclosed by the vendor as a confirmation to the previous issue concerning HP laptops, [the] HP Info Center case, will be similar in this case."
'Bricking' bug threatens most HP, Compaq laptops
Second bundled bug in nine days can leave laptops unbootable
The hacker who posted an exploit last week that threatened a large swath of Hewlett-Packard Co.'s laptop lineup followed up yesterday with new attack code that can "brick" nearly every HP laptop.
In a post to the milw0rm.com Web site Wednesday, a Polish security researcher who used the alias "porkythepig" spelled out a pair of vulnerabilities in an ActiveX control used by HP's Software Update, the patch management program bundled with virtually every HP- and Compaq-branded laptop.
According to porkythepig's post, the Software Update bugs let an attacker corrupt Windows' kernel files, making the laptop unbootable, or with a little more effort, allow hacks that would result in a PC hijack or malware infection. In either case, a drive-by attack could be conducted by feeding users an e-mail message with a link to a malicious Web site.
"Every HP notebook machine containing the HP Software Updates application is vulnerable," claimed porkythepig. "It is possible that the vulnerable machine model list disclosed by the vendor as a confirmation to the previous issue concerning HP laptops, [the] HP Info Center case, will be similar in this case."
