Feeds

Click here to turn your HP laptop into a brick

More bundled software madness

Beginner's guide to SSL certificates

A second bug in HP laptop utilities creates a means for hackers to turn PCs into "unbootable" bricks.

Flaws in the automatic software update tool bundled with HP notebooks might be abused to alter vital system files (in the kernel or elsewhere) leaving PC unbootable, according to a post on the milw0rm full disclosure mailing list. The vulnerability reportedly grants remote system arbitrary file write access. It stems from security flaws in an ActiveX control (called EngineRules.dll) that's connected with automatic software updates.

Upshot: hackers could, at a push, inject hostile code onto vulnerable systems after tricking users into visiting maliciously constructed websites. It's reportedly easier to carry out a much more unusual attack that corrupts system files and renders compromised systems unbootable.

The vulnerability affects HP laptop users running IE 6 or 7 on all supported versions of Windows.

Details were posted on milw0rm forum by "porkythepig", a security researcher using a Polish email address. The same hacker disclosed other bugs involving bundled software on HP laptops last week. HP quickly issued an update that disabled vulnerable components in its Info Centre software. The researcher said such a quick and dirty fix is unlikely to help in the latest case. "Simple disabling of the vulnerable control by the vendor's patch (like in the other HP software vulnerability case - HPInfo) would result in the machine software update system compromise in this case and would leave the user vulnerable to future security issues," he writes. ®

Internet Security Threat Report 2014

More from The Register

next story
NOKIA - Not FINNished yet! BEHOLD the somewhat DULL MYSTERY DEVICE!
N1 mini-'slab to plop into crowded pond next year
Heyyy! NICE e-bracelet you've got there ... SHAME if someone were to SUBPOENA it
Court pops open cans of worms and whup-ass in Fitbit case
SLURP! Flick your TONGUE around our LOLLIPOP – Google
Android 5 is coming – IF you're lucky enough to have the right gadget
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Space Commanders rebel as Elite:Dangerous kills offline mode
Frontier cops an epic kicking in its own forums ahead of December revival
VINYL is BACK and you can thank Sonos for that
The format that wouldn’t die is officially in remission
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.