Zero Day Flaw Affects 82 HP Laptop Models

Dennis Faas's picture

Hewlett-Packard (HP) has issued a warning on hp.com regarding a gaping security hole that affects 82 laptop models running Windows 2000, Windows XP and Windows Vista. According to reports from the company, the 'backdoor' could put users at risk for drive-by code execution attacks. (Source: zdnet.com)

The advisory from HP lists the 82 laptop models as open to the ActiveX vulnerability found in the HP Info Center software. A roadmap for exploiting the vulnerability is making the rounds on the Internet. HP has rated the issue as "critical."

For the exploit to run, all the laptop owner has to do is visit a malicious web site while using Microsoft's Internet Explorer. Risks include remote code execution, remote system registry read/write access and remote shell command execution.

The ActiveX control that is vulnerable is identified as HPInfoDLL.dll, marked as "Safe for Scripting" by default.

At the bottom of the HP warning are instructions for applying the 'patch.' The patch does not immediately fix the vulnerability, but disables the HP Info Center software instead. The 'patch' (sp38166) can be downloaded from hp.com.
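
To check a laptop before and after applying the workaround, the read-only PowerShell audit below looks for any registered COM class served by HPInfoDLL.dll and reports whether it carries the "Safe for Scripting" category and whether Internet Explorer's kill bit is set for it. This is an added example, not code from HP's advisory or the original article; it assumes PowerShell 3.0 or later, and makes no assumption about how sp38166 disables the software.

```powershell
# Added example: read-only audit, run locally on the laptop being checked.
$dllName    = 'HPInfoDLL.dll'                            # file name given in the article
$safeScript = '{7DD95801-9882-11CF-9FA9-00AA00A06FF5}'   # CATID_SafeForScripting
$safeInit   = '{7DD95802-9882-11CF-9FA9-00AA00A06FF5}'   # CATID_SafeForInitializing
$killFlag   = 0x400                                      # COMPAT_EVIL_DONT_LOAD (the IE "kill bit")

# Each CLSID root is paired with the IE kill-bit root for the same registry view.
$views = @(
    @{ Clsid = 'HKLM:\SOFTWARE\Classes\CLSID'
       Kill  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Kill  = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$findings = foreach ($view in $views) {
    if (-not (Test-Path $view.Clsid)) { continue }       # 32-bit Windows has no WOW6432Node
    foreach ($key in Get-ChildItem $view.Clsid -ErrorAction SilentlyContinue) {
        $inproc = $key.OpenSubKey('InprocServer32')
        if ($null -eq $inproc) { continue }
        $server = [string]$inproc.GetValue('')           # default value = path of the DLL
        if ($server -notlike "*$dllName*") { continue }

        # Categories the control registers for itself under its CLSID.
        $catKey = $key.OpenSubKey('Implemented Categories')
        $cats   = if ($catKey) { $catKey.GetSubKeyNames() } else { @() }

        # Kill bit: IE refuses to load the control when this flag is present.
        $flags   = 0
        $killKey = Join-Path $view.Kill $key.PSChildName
        if (Test-Path -LiteralPath $killKey) {
            $flags = [int](Get-ItemProperty -LiteralPath $killKey).'Compatibility Flags'
        }

        [pscustomobject]@{
            CLSID              = $key.PSChildName
            Server             = $server
            SafeForScripting   = $cats -contains $safeScript
            SafeForInitializing = $cats -contains $safeInit
            KillBitSet         = ($flags -band $killFlag) -ne 0
        }
    }
}

if ($findings) { $findings | Format-List }
else { "No registered COM class references $dllName" }
```

A control can also declare itself safe at run time through the IObjectSafety interface, so a missing category entry alone does not prove the control is unscriptable; a result with KillBitSet false and the DLL still registered is the state to follow up on.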
