Execution of Arbitrary Code
Source: HP, HP Product Security Response Team (PSRT)
Reported By: John Page (aka Hyp3rlinx) of ApparitionSec
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33.
This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service.
HP is releasing software updates for notebook platforms that use HP System Event Utility. HP recommends updating HP System Event Utility to the mitigated version or later, as listed below.
Product Name
|
Updated Version
|
SoftPaq #
|
SoftPaq Link
—|—|—|—
HP System Event Utility
|
1.4.33 or later
|
SP101543
|
<https://ftp.hp.com/pub/softpaq/sp101501-102000/sp101543.exe>
How to identify the version of HP System Event Utility installed.
Method 1
On devices with Windows 10 operating system, right-click the Windows Start button and select Apps and Features.
Navigate to HP System Event Utility. If HP System Event Utility is not in the list of installed applications, your system is not impacted.
Select HP System Event Utility to view the software version information.
If the version is lower than 1.4.33, then update your software to the version1.4.33 or later.
Method 2
On devices with Windows operating system, in the Windows Search menu, type Control Panel.
Click Control Panel.
In Control Panel, click Programs and then click Uninstall a Program.
On the Programs and Features screen, navigate to HP System Event Utility to view the software version information.
If the version is lower than 1.4.33, then update your software to the version1.4.33 or later.
> note:
>
> HP recommends keeping your system up to date with the latest firmware and software.