
HP, Compaq users: 'Bricking' threatens laptops

By jobeard
Dec 21, 2007
  1. HP, Compaq users: 'Bricking' threatens laptops (fix available)

    December 20, 2007 (Computerworld) -- The hacker who posted an exploit last week that threatened a large swath of Hewlett-Packard Co.'s laptop lineup followed up yesterday with new attack code that can "brick" nearly every HP laptop.

    In a post to the milw0rm.com Web site Wednesday, a Polish security researcher who used the alias "porkythepig" spelled out a pair of vulnerabilities in an ActiveX control used by HP's Software Update, the patch management program bundled with virtually every HP- and Compaq-branded laptop.

    According to porkythepig's post, the Software Update bugs let an attacker corrupt Windows' kernel files, making the laptop unbootable, or with a little more effort, allow hacks that would result in a PC hijack or malware infection. In either case, a drive-by attack could be conducted by feeding users an e-mail message with a link to a malicious Web site.

    "Every HP notebook machine containing the HP Software Updates application is vulnerable," claimed porkythepig. "It is possible that the vulnerable machine model list disclosed by the vendor as a confirmation to the previous issue concerning HP laptops, [the] HP Info Center case, will be similar in this case."

    see the article details
  2. jobeard


    fix now available:)

    December 24, 2007 (Computerworld) -- Hewlett-Packard Co. has fixed flaws in a patch-management program bundled with its computers, printers and other hardware that could be used by hackers to "brick" HP or Compaq PCs.

    In an alert sent to customers who subscribe to its security warning service, HP said users should run Software Update to patch the flaws disclosed last week by a Polish researcher known only by his alias, "porkythepig." A pair of bugs in the update service's ActiveX control can be used to execute remote code or gain additional access rights, porkythepig said then. He also posted proof-of-concept exploit code that showed how to use one of the vulnerabilities to overwrite and corrupt crucial Windows' system files, an attack that would leave any affected PC unbootable.