More than a year ago, researchers from Binarly reported to HP several high-severity vulnerabilities in firmware used in the company's business computers. Some of the flaws remain unpatched, even after Binarly publicly disclosed them at Black Hat last month. The vulnerabilities could be exploited to steal data or even shut down an affected computer.
- Make sure that firmware updates are in your SOP for keeping systems secure. Also make sure that you’re only deploying genuine firmware updates. If you’re worried about your HP firmware, Binarly has released an open-source tool, “FwHunt,” to scan for UEFI firmware vulnerabilities.