Millions of HP OMEN desktop and laptop gaming PCs are exposed to attacks by a high severity vulnerability that can allow malicious actors to trigger denial of service states or elevate privileges and disable security solutions.
The security flaw (tracked as CVE-2021-3437) was found in a driver used by OMEN Gaming Hub software, which is preinstalled on all HP OMEN desktops and laptops.
CVE-2021-3437 is caused by HP’s choice to use vulnerable code partially copied from WinRing0.sys, an open source driver, to create the HpPortIox64.sys driver that OMEN Gaming Hub software uses to read/write kernel memory, PCI configurations, I/O ports, and model-specific registers (MSRs).
Millions of devices and users impacted
OMEN Gaming Hub can be used to enhance the gaming experience by overclocking, optimizing system settings for various gaming profiles, adjusting lighting on gaming devices and accessories, and much more.
Since the software can also be downloaded from the Microsoft Store and installed on any Windows 10 computer with peripheral accessories sold under the HP OMEN brand, millions of PCs around the world are affected by this vulnerability.
“An exploitable kernel driver vulnerability can lead an unprivileged user to SYSTEM because the vulnerable driver is locally available to everyone,” SentinelOne researchers explained in a report released today.
“This high severity flaw, if exploited, could allow any user of the computer, even without privileges, to elevate their privileges and execute code in kernel mode.”
Once attackers gain SYSTEM privileges on targeted HP OMEN devices, they can easily disable security products, overwrite system components with malicious payloads, corrupt the underlying operating system, or perform any other malicious task of their choice.
The complete list of software products affected by this vulnerability includes:
- HP OMEN Gaming Hub prior to version 220.127.116.11
- HP OMEN Gaming Hub SDK prior to version 1.0.44
Security fixes available since July
While HP released fixes for this high severity vulnerability through the Microsoft Store on July 27 (the company posted a security advisory today), SentinelOne also shared its findings in today’s report to warn users to update their software and defend their systems from attackers using CVE-2021-3437 exploits.
“While we have not seen any indication that these vulnerabilities have been exploited in the wild so far, using any OMEN branded PC with the vulnerable driver used by OMEN Gaming Hub makes the user potentially vulnerable,” SentinelOne warned.
“Therefore, we urge OMEN computer users to ensure that they take appropriate mitigation measures without delay.”
Today’s report follows one released by SentinelOne last month regarding a 16-year-old security vulnerability found in an HP, Xerox, and Samsung printer driver that allows attackers to gain administrator rights on systems using the vulnerable software.
Earlier this year, SentinelOne researchers also discovered a 12-year-old privilege escalation bug in Microsoft Defender Antivirus (formerly Windows Defender) that malicious actors can exploit to gain administrator rights on unpatched Windows systems.