Intel® PROSet/Wireless WiFi and Killer™ WiFi August 2023 Security Update

Intel has informed HP of potential vulnerabilities identified in some Intel® PROSet/Wireless WiFi and Killer™ WiFi products, which might allow escalation of privilege or denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Intel has...

Intel® Unite® Hub Software August 2023 Security Update

Intel has informed HP of a potential vulnerability identified in the Intel® Unite® Hub software, which may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

Intel 2023.3 IPU – BIOS August 2023 Security Updates

Intel has informed HP of potential vulnerabilities identified for some Intel® Processors and/or supporting BIOS firmware, which might allow escalation of privilege, information disclosure, or denial of service. Intel is releasing firmware updates and prescriptive guidance to mitigate these...

Intel 2023.3 IPU – Chipset Firmware August 2023 Security Update

Intel has informed HP of potential vulnerabilities identified in the Intel® Converged Security Management Engine CSME, Active Management Technology AMT, and Intel® Standard Manageability software that might allow escalation of privilege or denial of service. Intel is releasing updates to mitigate...

AMD® Ryzen Master™ SDK February 2023 Security Update

AMD has informed HP of a potential security vulnerability identified in the AMD® Ryzen Master™ Monitoring SDK, which might allow escalation of privilege. AMD has released software to mitigate the potential vulnerability. AMD has released updates to mitigate the potential vulnerability. HP has...

AMD Client UEFI Firmware August 2023 Security Update

AMD has informed HP of a potential security vulnerability identified in some AMD client platform firmware components, which might allow arbitrary code execution. AMD is releasing firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential vulnerability. ...

Certain HP and Samsung printer software - Potential elevation of privileges

Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element. Update the printer software...

HP Security Manager and Web Jetadmin - Potential remote code execution

HP Security Manager and Web Jetadmin may potentially be vulnerable to Remote Code Execution when using certain versions of Microsoft SQL Server Express. For additional information regarding the potential vulnerability and Microsoft SQL security patches for existing installations, please visit the...

Certain HP LaserJet Pro print products - Potential elevation of privilege and/or information disclosure

Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. Update the printer firmware...

Certain HP LaserJet Pro Print Products - Potential Buffer Overflow

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. Update the printer firmware...

Certain HP LaserJet Pro Print Products – Potential Buffer Overflow and/or Denial of Service

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device. Update the printer firmware...

Certain HP LaserJet Pro Print Products - Potential Buffer Overflow

Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. Update the printer firmware...

Certain HP LaserJet Pro Print Products - Potential Remote Code Execution, Information Disclosure

Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery SSRF using the Web Service Eventing model. Update the printer firmware...

AMI UEFI Firmware June 2023 Security Update (TOCTOU)

A potential Time-of-Check to Time-of-Use TOCTOU vulnerability has been identified in certain HP PC products using AMI UEFI Firmware system BIOS, which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability. AMI has released updates to mitigate the...

Certain HP Enterprise LaserJet MFP Products – Potential Buffer Overflow, Remote Code Execution

A potential security vulnerability has been identified for certain HP multifunction printers MFPs. The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected products. Update the printer firmware...

HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware – Potential Buffer Overflow, Elevation of Privilege

Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to buffer overflow and/or elevation of privilege. HP has released updates to mitigate the potential vulnerabilities. HP has identified affected platforms and...

Intel Unite® Client Software May 2023 Security Update

Intel has informed HP of potential security vulnerability in the Intel® Unite® Client software for Windows, which might allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerability. Intel has released updates to mitigate the potential vulnerability...

Intel 2023.2 IPU – BIOS May 2023 Security Update

Intel has informed HP of potential vulnerabilities identified in BIOS firmware for some Intel® Processors which might allow escalation of privilege and information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate t...

Intel® Virtual RAID on CPU (VROC) May 2023 Security Update

Intel has informed HP of potential security vulnerabilities in the Intel® Virtual RAID on CPU VROC software, which might allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the...

AMD Client UEFI Firmware May 2023 Security Update

AMD has informed HP of potential vulnerabilities identified in client platform components for some AMD Athlon™ Processors and Ryzen™ Processors, which might allow arbitrary code execution, denial of service, and/or information disclosure. AMD is releasing firmware updates to mitigate these...

HP PC BIOS August 2022 Additional Updates for Potential SMM and TOCTOU Vulnerabilities

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities. HP has...

NVIDIA® GPU Display Driver March 2023 Security Update

NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver for Windows which might allow escalation of privilege, denial of service, and information disclosure. NVIDIA has released software updates to mitigate these vulnerabilities. NVIDIA has releas...

HP Device Manager Security Updates

Previous versions of HP Device Manager prior to HPDM 5.0.10 could potentially allow command injection and/or elevation of privileges. HP has released HP Device Manager 5.0.10, which includes updates to mitigate these potential vulnerabilities. All the identified vulnerabilities listed previously...

Certain HP ENVY, LaserJet, OfficeJet, PageWide Pro Print Products - Potential Buffer Overflow, Remote Code Execution

Certain HP ENVY, LaserJet Pro, OfficeJet Pro, and PageWide Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution. Update the printer firmware...

Certain HP LaserJet, PageWide Pro Print Products - Potential Heap Overflow, Remote Code Execution

Certain HP LaserJet and PageWide Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. Update the printer firmware...

Certain HP ENVY, LaserJet, OfficeJet, PageWide Pro print products - Potential Buffer Overflow, Elevation of Privilege

Certain HP ENVY, LaserJet, OfficeJet, and PageWide Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege. Update the printer firmware...

Certain HP Enterprise LaserJet and HP LaserJet Managed printers - Potential information disclosure

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6. Update the printer firmware...

Certain DesignJet and PageWide XL products - Potential information disclosure

Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer. HP has provided firmware updates to resolve the issue for the potentially affected products listed in the table below...

Insyde UEFI Firmware March 2023 Security Update (TOCTOU)

Potential Time-of-Check to Time-of-Use TOCTOU vulnerabilities have been identified in certain HP PC products using Insyde UEFI firmware InsydeH20, which may allow arbitrary code execution, denial of service, and information disclosure. Firmware updates have been released to mitigate the potential...

HP PC BIOS February 2023 Security Update (TOCTOU)

Potential Time-of-Check to Time-of Use TOCTOU vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerabilities. HP has...

Intel® Integrated Sensor Solution February 2023 Security Update

Intel has informed HP of a potential security vulnerability in the Intel® Integrated Sensor Solution that might allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

Intel 2023.1 IPU – BIOS February 2023 Security Updates

Intel has informed HP of potential vulnerabilities identified in some Intel® Processors with Intel® Software Guard Extensions SGX that might allow information disclosure and potential vulnerabilities in the BIOS firmware and Intel® Trusted Execution Technology TXT Secure Initialization SINIT...

Potential Escalation of Privilege in HP Factory Preinstalled Windows 10 20H2 Images

HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path. This potential vulnerability was remediated starting with Windows 10 versions 21H2 o...

NVIDIA® GPU Display Driver November 2022 Security Update

NVIDIA has informed HP of potential security vulnerabilities identified in the NVIDIA® GPU Display Driver for Windows which might allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure. NVIDIA has released software updates to mitigate these...

AMD Client UEFI Firmware January 2023 Security Updates

AMD® has informed HP of potential vulnerabilities identified in the AMD client platform firmware components which might allow arbitrary code execution and/or denial of service. AMD is releasing firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential...

AMI UEFI Firmware December 2022 Security Update (TOCTOU)

A potential Time-of-Check to Time-of-Use TOCTOU vulnerability has been identified in certain HP PC products using AMI UEFI Firmware system BIOS which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential...

HyperX NGENUITY - Potential Elevation of Privilege

HyperX NGENUITY software is potentially vulnerable to an elevation of privilege vulnerability. This potential vulnerability was remediated on November 8, 2021. Use the following steps to resolve potential vulnerabilities...

Apache Text4Shell and others update for Teradici Cloud Access Connector

HP has provided updated versions of Teradici Cloud Access Connector that remediate vulnerabilities found in Apache Commons Text Text4Shell prior to 1.10.0, Apache Commons BCEL prior to 6.6.0, Apache Commons Configuration prior to 2.7, and ESAPI The OWASP Enterprise Security API prior to 2.3.0.0...

Realtek HD Audio Driver December 2022 Security Update

HP has been informed of a potential security vulnerability identified in some Realtek® High-Definition Audio Windows drivers which might allow denial of service system crash. Realtek has released updated drivers to mitigate the potential vulnerability. Realtek released updates to mitigate the...

HP PC BIOS December 2022 Security Update (TOCTOU)

A potential Time-of-Check to Time-of-Use TOCTOU vulnerability has been identified in the BIOS for certain HP PC products which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. HP has identifi...

AMD Client UEFI Firmware November 2022 Security Update

AMD has informed HP of potential vulnerabilities identified in AMD client platform firmware components, which might allow escalation of privilege and arbitrary code execution. AMD is releasing firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential...

HP Security Manager - Multiple vulnerabilities

Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. Update your printer software...

Privilege escalation via HPSFViewer

HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation. HP strives to address all security issues with HP apps at best possible speed and make the latest...

Certain HP Printers may be vulnerable to 3DES Sweet32 Vulnerability

A recent firmware release, specifically FutureSmart 3.9.10, altered the cipher suite prioritization list placing the 3DES cipher into the HIGH prioritization cipher list. By default, this version 3.9.10 enables 3DES which is a “weak” cipher and may potentially allow the “Sweet32” vulnerability to...

HP PC BIOS November 2022 Security Update for Potential Stack Buffer Overflow

A potential vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability. HP has identified affected platforms and corresponding SoftPaqs with...

Intel 2022.3 IPU - Chipset Firmware November 2022 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® Chipset Firmware in Intel® Converged Security and Manageability Engine CSME, Intel® Active Management Technology AMT, and Intel® Standard Manageability, which might allow escalation of privilege or denial of service. Intel...

Intel 2022.3 IPU - BIOS November 2022 Security Update

Intel has informed HP of potential security vulnerabilities in the BIOS firmware for some Intel® Processors which may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential vulnerabilitie...

AMD Graphics Driver November 2022 Security Update

AMD has informed HP of potential vulnerabilities affecting some AMD® Graphics products, which might allow escalation of privilege and code execution. AMD is releasing an updated AMD Graphics Driver to mitigate the potential vulnerabilities. AMD has released updates to mitigate the potential...

HP PC BIOS November 2022 Security Updates for Potential TOCTOU Vulnerabilities

Potential time-of-check to time-of-use TOCTOU vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential...

Intel® XMM™ 7560 Modem November 2022 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® XMM™ 7560 Modem software, which might allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the potential vulnerabilities. HP...