Click HERE to learn more about classes Stephen is teaching for SANS

Got a HP laptop and running windows? Time to patch!

Published: 2007-12-19. Last Updated: 2007-12-19 03:09:47 UTC
by Stephen Hall (Version: 1)
0 comment(s)

HP released a vulnerability notice to Bugtraq on the 15th December indicating that :

A potential security vulnerability has been identified with the HP Quick Launch Button (QLB) software running on Windows. The vulnerability could be exploited remotely to execute arbitrary code or to gain privileged access.

Well, we received an e-mail from our good friend Raul Siles which indicate that this is potential more serious than a 'potential vulnerability' as POC code exists which grants remote access.

Some related references:

http://www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txt

http://www.heise-security.co.uk/news/100459
http://www.heise-security.co.uk/news/100625

A workaround which disables HP Info Center is being hosted here:

ftp://ftp.hp.com/pub/softpaq/sp38001-38500/
ftp://ftp.hp.com/pub/softpaq/sp38001-38500/sp38166.html

 

 

Keywords:
0 comment(s)
Click HERE to learn more about classes Stephen is teaching for SANS

Comments

Login here to join the discussion.


Top of page
Diary Archives