"Millions " of gaming devices, including a wide variety of HP Omen data gaming laptops and desktop computers, as well as HP Pavilion and HP Envy models , must be updated immediately, HP said.
SentinelLabs researchers have released details of the vulnerability, identified as CVE-2021-3437, which can be exploited by malicious actors to elevate privileges and disable security solutions, and conduct all kinds of malicious activity.
"This vulnerability severity affects millions of PCs and users worldwide. Although we have not seen any indication that these vulnerabilities have been exploited in the wild so far, using any Omen -branded PC with the vulnerable driver used par Omen Gaming Hub makes the user potentially vulnerable, note the researchers. TechRadar needs you!
We take a look at how our readers are using VPN with streaming sites like Netflix so we can improve our content and offer better advice. This survey will take no more than 60 seconds of your time, and we would greatly appreciate your sharing your experiences with us.
>> Click here to start the survey in a new window
The vulnerability was
By parsing the scan technically, BleepingComputer reports that the vulnerability existed in the HP Omen Command Center, which helps gamers change the settings of their gaming machines.
The software can also be picked up from the Microsoft Store for n 'any Windows 10 PC that uses accessories sold under HP's Omen brand, which further increases the number of potentially usable computers.
According to researchers, the source of the bug is a driver which partly relies on the open source WinRing0. sys to help manage
"The link between the two drivers is easily seen because on some signed HP versions, the data information shows the original file name and product name. Unfortunately, the issues with the WinRing0.sys driver are well known, ”the researchers share.
HP first released fixes for the vulnerability through the Microsoft Store on July 27, before releasing a security noticeity to coincide with the SentinelOne scan.
Although the researchers did not detect any exploits based on the vulnerability, they urge all affected users to " ensure t hey, take the appropriate mitigation measures without delay. "
via Computer sound