HP confirms gaping backdoor on 82 laptop models

HP confirms gaping backdoor on 82 laptop models

Summary: Computer maker Hewlett Packard has fessed up to a gaping security hole on more than 80 laptop models, warning that the backdoor could users at risk of drive-by code execution attacks.

SHARE:

HP confirms gaping backdoor on 82 laptop modelsComputer maker Hewlett Packard has fessed up to a gaping security hole on more than 80 laptop models, warning that the backdoor could users at risk of drive-by code execution attacks.

An advisory from HP lists 82 laptop models as vulnerable to the ActiveX vulnerability found on the HP Info Center software.   The issue is rated "critical" and HP laptop owners should be aware that public exploit code that provides a roadmap for exploiting the hole is circulating around the Internet.

A successful exploit simply requires that the laptop owner is lured to a malicious Web site while using Microsoft’s Internet Explorer.  The risks include remote code execution, remote system registry read/write access and remote shell command execution.

It affects laptops running Windows 2000, Windows XP and Windows Vista.

[ SEE: There’s a hole in your laptop, dear HP, dear HP ]

The vulnerable ActiveX control is identified as HPInfoDLL.dll, which is marked as “Safe for Scripting” by default.

HP issued what could best be described as an interim patch that must be manually applied on vulnerable machines.   It does not patch the vulnerability but instead disables the HP Info Center software.Instructions on applying the fix are available at the bottom of HP's advisory.

ALSO SEE:  Zero-day flaw haunts HP laptop models

Topics: Laptops, Hardware, Hewlett-Packard, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments
Log in or register to join the discussion
  • HP Isn't The Problem

    ActiveX is the problem. ActiveX has been the source of more worms and exploits than any other scripting languange.

    http://goodcomputing.blogspot.com/2007/10/why-isnt-your-computer-secure.html
    goodcomputing
    • YEAH GREAT POST!!!!!

      Totally right. The problem is that Win$ux was built on a 20 year old DOS that was single-process, single-user, and non-networked. Then, Micro$ux was a convicted monopolist which just proves that everything they've done is bad for consumers, just like this flaw!

      If everyone switched to OS X, malware would disappear overnight. That's a fact!
      NonZealot
      • Common Sense is not your strong point is it?

        <b>If everyone switched to OS X, malware would disappear overnight. That's a fact!</b>

        <br><br>

        Of course then every virus and Malware writer would target OS X, which isn't hack proof, because that's what every one would be using. DUH!!!!!
        k12IT
        • Prove that OS X isn't hack proof!

          0 (zero, nada, zilch) exploits in the wild targetting OS X users. There has never, in the history of the world, been an OS X machine that has been hacked or exploited in the wild. Sorry, security research labs and competitions don't count, we are talking [b]REAL[/b] world here. They can target OS X all they want but they won't get in. Note, I'm not saying OS X is perfect though so don't misquote me!
          NonZealot
          • First I'd like proof....

            ...anyone CARES to hack OSX.

            You guys keep chanting your mantra of perfection and you'll get there....
            DCMann
          • BUT I SPECIFICALLY SAID OS X ISN'T PERFECT!!!!!!

            [i]You guys keep chanting your mantra of perfection and you'll get there....[/i]

            I just said that OS X had no flaws, not that OS X was perfect. Sheesh, read what I wrote!
            NonZealot
        • Don't pay any attention to the professional Troll

          He thinks he is imitating "Mac Zealots" but all he is really doing is making a fool of
          himself. Some people simply crave attention, even negative attention.
          MarcB_z
  • Just remove it

    Those stupid info center programs are the first thing I remove when getting a new computer. Both Dell and Lenovo use them too.
    DarthRidiculous
  • Computer companies emulating MS backdoors

    One of the troubling aspects is the amount of malware being installed on PCs by the big-name vendors. Most operate under the guise of "monitoring" the PC and reporting problems back to their homebase. Some download or activate software without warning or notice. We bought a few Dells this last year, but it was a mistake I won't repeat. Every one of them started "phoning home" even though our tech tried repeatedly to disable all of the add-on software that Dell dumped on those machines. In the end, we had to resort to the tried and true method: wipe and start over. Calls to the Dell support center yielded a variety of results, everything from complex instructions to disable the software to one CSR who just told us flatly that we can't disable the features without essentially disabling the system.

    The big computer vendors took a lesson from Microsoft and started treating PCs like they still owned them even after they left the shipping dock. That is WRONG, and they aren't getting any more business from us because of it.
    terry flores