If you’ve got an HP desktop, laptop or tablet, you should check to see whether there’s a BIOS/UEFI system-firmware update ready for it. Sixteen newly disclosed security flaws could let hackers implant deeply buried, undetectable malware, the company announced in a security bulletin yesterday (March 8).
Security firm Binarly, which discovered these 16 flaws, explained in a blog post yesterday that firmware-integrity checks, antivirus software or the Secure Boot process wouldn’t be able to detect malware that exploited these UEFI/BIOS flaws. The malware could be implanted as part of other infections or intrusions.
It’s not known how many HP devices are affected, but five of the flaws are already known to affect hundreds of HP business-oriented models, as the company detailed in a previous security bulletin. The identification of consumer models affected by any of these 16 flaws is still pending.
This story was earlier reported by Bleeping Computer.
How to update your HP BIOS/UEFI firmware
HP has made patches available to fix all these flaws. But because we don’t know exactly which consumer models are affected, you’ll have to check your machine yourself by going to the HP software-and-drivers support page.
Once there, either type in your device’s serial number or let the HP support website detect your model. From there, the support site will walk you through the download-and-installation process. HP has further BIOS-update instructions here.
Serious UEFI flaws
The flaws reside in the UEFI firmware that controls HP motherboards. Firmware is the most basic form of software running on a computer. UEFI is the successor to the better-known BIOS system, but both serve the same function. It's the software that responds when you press the power button, turning on the motherboard and activating the hard disk so that Windows, Linux or another operating system can load.
Because UEFI and BIOS operate “below” the primary operating system, antivirus software often can’t detect malware infections or other problems with them. UEFI generally counters this with firmware-integrity checks during the boot-up sequence, but Binarly said that integrity checks wouldn’t work in these cases.
“The active exploitation of all the…