There's a hole in your laptop, dear HP, dear HP

Summary: There's a very serious vulnerability in the Help and Support Center utility that ships with HP laptops.


The Help and Support Center utility that ships with HP laptops might be giving help to all the wrong people.

According to a brief note from HP, there's a very serious vulnerability in the utility that could be used by hackers to seize control of Windows XP machines.

"[This update fixes] a security vulnerability that exploits a buffer overflow condition, which may have allowed a malicious website to read or write files on the PC," HP warns.

No other details are provided and it's not quite clear if this patch is pushed down to HP laptops automatically.

HP is offering an executable download (.exe) that must be manually applied on the vulnerable notebook.

The Help and Support Center comes pre-installed on HP laptops to provide easy access to product information, preventative care and maintenance assistance, and web links to online support and technical assistance.

Users worried about this threat should consider removing the entire utility (Control Panel > Add/Remove Programs) from laptops.

* More from heise Security.

  • This makes me wonder ?

    Are there more holes in Windows than there are Black holes in the Universe ?
    • Maybe

      but you've got the wrong thread. This refers to a vulnerability in HP's Help and Support Center software. Not the Windows OS.
      • it does not matter

        It can't happen on Linux or Mac, it's only on windoze because it's a crappy OS.
        Once again windoze is proved to be the most insecure OS.
        Linux Geek
        • Yup

          This proves it all right. In fact, that is exactly why Apple put baboons on the "Safari for Windows" project instead of trained developers.

          Safari for Windows ABSOLUTELY, POSITIVELY proves how poor MS devs are. Incontrovertibly.
          • Apple hires baboons to code?

            "This proves it all right. In fact, that is exactly why Apple put baboons on the 'Safari for Windows' project instead of trained developers."

            If you say so....
        • re:It does not matter

          Actually, it does matter. But only in so far as the OP is slamming Windows for a flaw in their code when the blame belongs to HP on this one.

          I'm certainly not arguing Microsoft's security record.
        • oh baloney

          Any third party software for any OS can have vulnerabilities like this. I can easily see it happening in some of the drivers and utilities packaged by HP, Palm, Epson for their products.
    • What many here ponder

      is whether all the holes in Windows combined would equal the size of the one in your head?
      • Wrong

        There may be a hole in his head, but it's full of apple pudding.
        Hallowed are the Ori
    • Oh please...

      You probably don't know a thing about either...
    • You are a virus

  • Well, I don't wonder at all

    I think Ryan does a very good and valuable job here.

    As I've said in following up on the after Patch Wednesday thread.

    It is very important that we hear about these bugs. It is incredibly sloppy programming, and clearly very dangerous to us all by now.

    And yes, I would know. It's been easy since the early 1980s to very easily eliminate all buffer overflows. Self-checking objects.

    You don't feel comfortable that Ryan mentions the faults. Well, get the programmers to do it right. You know where first.

    Narr vi
  • I patched my HP dv2000z with...

    ...openSUSE 10.2
    No worries.
    D T Schmitz
    • Question: Did it come with a DVD+R/RW drive...

      ...and did the 'patch' upgrade it into a DVD±R/RW drive?

      I dual boot my HP Compaq nx6125 with PCLinuxOS and Bingo! ...I can now burn DVD-R/RWs.

      Funny thing is, when I boot back into WinXPSP2, the firmware update is gone and DVD-Rs are seen as invalid disks!

      Let me know.
      • I don't dual boot...

        ...I installed openSUSE 10.2 over the top of Windows XP Media Center Edition :(

        Here's what Yast>Hardware>Hardware Info returns for the CD device:

        storage.cdrom.cdrw = true
        storage.cdrom.dvdplusrw = true

        I run Windows XP Pro from a VMware server (boots in 3 secs...bababammm!)

        D T Schmitz
    • And we're all very happy for you.

      Hallowed are the Ori
  • already deleted this

    Every laptop or desktop from HP, I wipe out all the usual garbage on it. So no worry for me
    • Me too.

      And we recently got several of these.