HP PC BIOS August 2022 Security Updates for Potential SMM and TOCTOU Vulnerabilities

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities. HP has...

HPSBHF03684 rev. 2 - Intel® BIOS September 2020 Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: Intel. VULNERABILITY SUMMARY Intel® has informed HP of potential security vulnerabilities identified in BIOS firmware for multiple Intel®...

HPSBHF03618 rev. 8 - Intel Microarchitectural Data Sampling Security Updates

Potential Security Impact Information Disclosure Source : HP, HP Product Security Response Team PSRT Reported By : Intel VULNERABILITY SUMMARY Potential security vulnerabilities in Intel CPUs may allow information disclosure. Researchers have referred to these vulnerabilities as ZombieLoad, RIDL,...

HPSBHF03590 rev. 2 - L1 Terminal Fault (L1TF)

Potential Security Impact Unauthorized exposure of privileged data from memory. Source: HP, HP Product Security Response Team PSRT, Intel Reported By: Intel VULNERABILITY SUMMARY A new speculative execution side channel variant has been discovered called L1 Terminal Fault L1TF. There are no repor...

HP BIOS Flash Protection Security Update

A potential security vulnerability has been identified in the System BIOS for some HP PC products, which might allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specialized equipment and knowledge. HP is...

HP Device Manager Security Updates

Previous versions of HP Device Manager prior to HPDM 5.0.11 could potentially contain security vulnerabilities. HP has released HP Device Manager 5.0.11, which includes updates to mitigate potential vulnerabilities. All of the identified vulnerabilities listed above were addressed and fixed as pa...

AMD® Chipset Driver September 2021 Security Update

AMD has informed HP of a potential security vulnerability identified in the AMD® Chipset Driver which may allow information disclosure. AMD is releasing a security update to mitigate this potential vulnerability. AMD has released updates to mitigate the potential vulnerabilities. HP has identifie...

PC Wireless Wi-Fi Adapter Driver Security Updates August 2021

Wireless Wi-Fi vendors have informed HP of potential security vulnerabilities identified in some of their wireless PC adapters which may allow escalation of privilege and information disclosure. These industry-wide vulnerabilities are known as FragAttacks fragmentation and aggregation attacks...

HPSBHF03679 rev. 2 - Intel® Wireless Bluetooth August 2020 Security Updates

Potential Security Impact Denial of Service, Information Disclosure, Escalation of Privilege Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Intel has informed HP of potential security vulnerabilities in some Intel® Wireless Bluetooth® software which ma...

HPSBHF03637 rev. 3 - Intel 2019.2 IPU CSME SPS TXE AMT Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, or Information Disclosure Source: Intel, HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Multiple security vulnerabilities have been identified by Intel. Intel is releasing updates for Intel®...

Intel Chipset Device Software May 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Chipset Device Software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

Intel Dynamic Tuning Technology Software August 2023 Security Update

Intel has informed HP of a potential security vulnerability in the Intel® Dynamic Tuning Technology DTT software which may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerabilit...

HPSBHF03681 rev. 2 - Intel® Graphics Drivers August 2020 Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Intel has informed HP of potential security vulnerabilities in some Intel® Graphics Drivers which may allow escalation of privilege and/...

Intel 2022.3 IPU - Chipset Firmware November 2022 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® Chipset Firmware in Intel® Converged Security and Manageability Engine CSME, Intel® Active Management Technology AMT, and Intel® Standard Manageability, which might allow escalation of privilege or denial of service. Intel...

Intel® PROSet/Wireless WiFi and Killer™ WiFi August 2022 Security Update

Intel has informed HP of potential vulnerabilities identified in some Intel® PROSet/Wireless WiFi and Killer™ WiFi products, which might allow escalation of privilege, information disclosure or denial of service. Intel is releasing firmware and software updates to mitigate these potential...

HPSBPI06327 rev. 1 - Execution of Arbitrary Code for HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Printers

Potential Security Impact Execution of arbitrary code VULNERABILITY SUMMARY Solution application signature checking may allow potential execution of arbitrary code. RESOLUTION Perform the following steps to help mitigate the vulnerability. 1. Update firmware for impacted printers as indicated in...

Plantronics Hub – Local Privilege Escalation

A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below. Upgrade to the latest version of Plantronics Hub 3.25.2...

HPSBPI03569 rev 4 - HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP OfficeJet Enterprise printers, Execution of arbitrary code

Potential Security Impact Execution of arbitrary code Source: NTT Security Reported By: Stephen Breen VULNERABILITY SUMMARY Insufficient Solution DLL Signature Validation allows potential execution of arbitrary code. RESOLUTION Available Mitigation Settings: The vulnerability can be avoided by...

Intel 2021.2 IPU – BIOS November 2021 Security Updates

Intel has informed HP of potential security vulnerabilities identified in some Intel® Processors which may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential vulnerabilities. HP has...

HPSBHF03697 rev. 2 - Intel® PROSet/Wireless WiFi Software November 2020 Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Intel has informed HP of potential security vulnerabilities identified in some Intel® PROSet/Wireless WiFi products which may allow...

HPSBHF03616 rev. 4 - Intel 2019.1 CSME, Trusted Execution Engine (TXE), Active Management Technology (AMT) Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified with Intel® CSME, Trusted Execution Engine and...

Certain HP Print Products - Potential Buffer Overflow, Remote Code Execution

Certain HP Print Products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution. Update your printer firmware...

Intel® RST Software August 2022 Security Update

Intel has informed HP of a potential security vulnerability identified in the Intel® Rapid Storage Technology RST software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential...

HPSBPI03708 rev. 1 - HP Print and Scan Doctor - Local Elevation of Privilege

Potential Security Impact Local Elevation of Privilege VULNERABILITY SUMMARY HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege. RESOLUTION HP has provided updated software, listed in the table below. To obtain the updated software: 1. Go to HP Print and Scan...

HPSBPI03630 rev. 2 - HP Inkjet Printers - Buffer Overflow and Local Disclosure of Information

Potential Security Impact Buffer Overflow, Disclosure of Information Source: HP, HP Product Security Response Team PSRT Reported By: XiaoyuHe@VARAS VULNERABILITY SUMMARY A maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer...

HP Printer Firmware Update Utility for Certain HP DeskJet Printers - Potential Execution of Arbitrary Code

A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility FUU bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution. Update yo...

AMD Client UEFI Firmware August 2023 Security Update

AMD has informed HP of a potential security vulnerability identified in some AMD client platform firmware components, which might allow arbitrary code execution. AMD is releasing firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. ...

Intel SSD Firmware May 2022 Security Updates

Intel has informed HP of potential security vulnerabilities identified in some Intel® Solid State Drive SSD and Intel® Optane™ SSD products which may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware updates to mitigate these potential...

HPSBHF03719 rev. 3 - Intel® Graphics Drivers February 2021 Security Update

Potential Security Impact Escalation of Privilege, Denial of Service, and Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Intel has informed HP of a potential security vulnerabilities identified in some Intel® Graphics Drivers whi...

HPSBHF03710 rev. 6 - NVIDIA GPU Display Driver January 2021 Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, and Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: NVIDIA VULNERABILITY SUMMARY NVIDIA has informed HP of potential security vulnerabilities in the NVIDIA GPU Display Driver and Software...

Intel® MEBx Firmware February 2022 Security Updates

Intel has informed HP of a potential security vulnerability identified in the Intel® Management Engine BIOS eXtensions MEBx which may allow escalation of privilege when provisioning over USB. Intel is releasing firmware updates to mitigate this potential vulnerability. Intel has released updates ...

Intel® Ethernet November 2021 Security Update

Intel has informed HP of potential security vulnerabilities in firmware for some Intel® Ethernet controllers which may allow denial of service or escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the...

AMD Client UEFI Firmware Return Address Security Update

AMD has informed HP of a potential security vulnerability identified in some AMD processors, which might allow information disclosure. AMD is releasing firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. HP has identified affected...

Certain HP Printers may be vulnerable to 3DES Sweet32 Vulnerability

A recent firmware release, specifically FutureSmart 3.9.10, altered the cipher suite prioritization list placing the 3DES cipher into the HIGH prioritization cipher list. By default, this version 3.9.10 enables 3DES which is a “weak” cipher and may potentially allow the “Sweet32” vulnerability to...

HPSBHF03702 rev. 4 - Intel® Solid State Drive (SSD) November 2020 Security Updates

Potential Security Impact Information Disclosure Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Intel has informed HP of potential security vulnerabilities identified in multiple Intel® Solid State Drive SSD products which may allow information...

Insyde Firmware Utility December 2021 Security Updates

HP has been informed of potential security vulnerabilities identified in the Insyde UEFI firmware update utility used by certain HP PC products which may allow escalation of privilege, denial of service, or information disclosure via local access. HP is releasing SoftPaq updates with mitigation f...

HPSBHF03707 rev. 1 - AMD® Ryzen Master™ Driver October 2020 Security Update

Potential Security Impact Escalation of Privilege Source: HP, HP Product Security Response Team PSRT Reported by: AMD VULNERABILITY SUMMARY AMD has informed HP of a potential security vulnerability identified in the AMD® Ryzen Master™ Driver which might allow escalation of privileges. For detaile...

HPSBHF03700 rev. 1 - Intel® Wireless Bluetooth® November 2020 Security Update

Potential Security Impact Escalation of Privilege, Denial of Service Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Intel has informed HP of potential security vulnerabilities identified in Intel® Wireless Bluetooth® products which might allow escalati...

HPSBHF03636 rev. 4 - Intel 2019.2 IPU Graphics Driver Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, or Information Disclosure Source: Intel, HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Multiple security vulnerabilities have been identified by Intel. Intel is releasing Intel® Graphics...

Intel Dynamic Tuning Technology (DTT) Software May 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Dynamic Tuning Technology DTT software installer which might allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the...

Intel 2023.3 IPU – BIOS August 2023 Security Updates

Intel has informed HP of potential vulnerabilities identified for some Intel® Processors and/or supporting BIOS firmware, which might allow escalation of privilege, information disclosure, or denial of service. Intel is releasing firmware updates and prescriptive guidance to mitigate these...

Intel 2023.1 IPU – BIOS February 2023 Security Updates

Intel has informed HP of potential vulnerabilities identified in some Intel® Processors with Intel® Software Guard Extensions SGX that might allow information disclosure and potential vulnerabilities in the BIOS firmware and Intel® Trusted Execution Technology TXT Secure Initialization SINIT...

HP Security Manager - Potential Remote Code Execution and Denial of Service

HP Security Manager may be vulnerable to potential remote code execution and denial of service. Update your printer software...

NVIDIA® GPU display driver July 2021 security update

NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver which may allow arbitrary code execution, denial of service, and information disclosure. NVIDIA has released updates to mitigate the potential vulnerabilities. HP has identified affected...

NVIDIA® GPU Display Driver March 2023 Security Update

NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver for Windows which might allow escalation of privilege, denial of service, and information disclosure. NVIDIA has released software updates to mitigate these vulnerabilities. NVIDIA has releas...

Intel® Wireless Bluetooth® and Killer™ Bluetooth® August 2022 Security Update

Intel has informed HP of potential security vulnerabilities identified in some Intel® Wireless Bluetooth® and Killer™ Bluetooth® products, which might allow escalation of privilege, denial of service, or information disclosure. Intel is releasing software and firmware updates to mitigate these...

HPSBHF03642 rev. 2 - HP ThinPro Linux Information Disclosure and Privilege Escalation

Potential Security Impact Information Disclosure, Privilege Escalation, and Arbitrary Code Execution Source: HP, HP Product Security Response Team PSRT Reported by: Eldar Marcussen - xen1thLabs - Software Labs PSR-2019-0173, CVE-2019-16285, CVE-2019-16286, CVE-2019-16287, CVE-2019-18909,...

HPSBHF03582 rev. 2 - KRACK Vulnerability Affecting WPA2 Wireless Security

Potential Security Impact Information Disclosure Source: University of Leuven Reported by: Intel VULNERABILITY SUMMARY Enhancement to address CVE-2017-13080 and CVE-2017-13081, which is the KRACK vulnerability that affects the security of WPA2 wireless LAN encryption. RESOLUTION A Microsoft...

HPSBHF03374 rev.1 - HP PCs with UEFI Firmware, Denial of Service

Potential Security Impact Denial of service VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with certain HP consumer notebook PCs, HP commercial notebook PCs, HP consumer desktop PCs, HP commercial workstation PCs, Retail Solutions and Thin Clients with UEFI Firmware...

AMD Graphics Driver November 2023 Security Update

AMD has informed HP of potential vulnerabilities identified in some AMD Graphics Drivers for Windows, which might allow arbitrary code execution or denial of service. AMD has released updates to mitigate the potential vulnerabilities. HP has identified affected platforms and corresponding SoftPaq...