Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Got a HP laptop and running windows? Time to patch! - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Got a HP laptop and running windows? Time to patch!

HP released a vulnerability notice to Bugtraq on the 15th December indicating that :

A potential security vulnerability has been identified with the HP Quick Launch Button (QLB) software running on Windows. The vulnerability could be exploited remotely to execute arbitrary code or to gain privileged access.

Well, we received an e-mail from our good friend Raul Siles which indicate that this is potential more serious than a 'potential vulnerability' as POC code exists which grants remote access.

Some related references:

http://www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txt

http://www.heise-security.co.uk/news/100459
http://www.heise-security.co.uk/news/100625

A workaround which disables HP Info Center is being hosted here:

ftp://ftp.hp.com/pub/softpaq/sp38001-38500/
ftp://ftp.hp.com/pub/softpaq/sp38001-38500/sp38166.html

 

 

Stephen

89 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!