Office Professional Plus 2010 Key 'Bricking' bug t
 

Computerworld - The hacker who posted an exploit last week that threatened a sizable swath of Hewlett-Packard Co.'s laptop computer lineup followed up yesterday with new assault code that may "brick" almost each and every HP laptop computer.
Within a submit on the milw0rm.com Web site Wednesday, a Polish security researcher who used the alias "porkythepig" spelled out a pair of vulnerabilities in an ActiveX control utilized by HP's Computer software Update, the patch management system bundled with just about every single HP- and Compaq-branded laptop.
According to porkythepig's publish, the Computer software Update bugs allow an attacker corrupt Windows' kernel files, making the laptop unbootable, or which has a minor far more hard work, allow hacks that may result in a Computer hijack or malware infection. In possibly case, a drive-by attack might be performed by feeding customers an e-mail message which has a hyperlink to a malicious Web site.
"Every HP notebook machine made up of the HP Computer software Updates application is vulnerable," claimed porkythepig. "It is achievable the vulnerable machine model checklist disclosed through the vendor being a confirmation towards the previous situation about HP laptops,Office 2010 Professional Key, [the] HP Info Center scenario, will be similar within this situation."
Final week,Buy Office 2010, porkythepig disclosed multiple flaws in other application provided with HP's portables. Once the organization patched the vulnerabilities every day later on, it detailed 83 impacted laptops.
The scenario in which an attacker overwrites the kernel and thus "bricks" the HP or Compaq notebook, was from the regular, considering that most hacks aim to snatch control in the machine or infect it with identity-stealing malware. However the crippling attack, explained porkythepig, is really the less complicated with the two. "This assault vector doesn't require any further victim social engineering, since the technique files are constantly positioned within the predictable locations,Office 2010," he stated.
A drive-by assault that hopes to execute rogue code,Windows 7 Home Premium Key, even so, needs a lot more perform. To efficiently exploit the ActiveX bug in Software Update and compromise the personal computer, the hacker needs to know the area of certain files.
The researcher said he had tested the exploit code on Windows 2000, XP, Server 2003 and Vista, and the vulnerabilities pose a threat to any user with both World wide web Explorer 6 (IE6) or IE7 within the Laptop. Nor will HP have the ability to utilize the down-and-dirty repair it deployed very last week, explained porkythepig. Soon after he unveiled many bugs in HP's Data Center per week ago, HP issued an update that basically disabled the susceptible computer software.
"Simple disabling of the susceptible handle through the vendor's patch, like from the other HP software program vulnerability circumstance, HP Data, [could still] outcome within the machine['s] computer software update technique [being] compromised, and would leave the consumer susceptible to foreseeable future protection concerns," porkythepig said from the milw0rm.com write-up.

HP didn't reply to e-mailed requests for confirmation and comment.


Related News and Discussion:
Update: Most HP,Office Professional Plus 2010 Key, Compaq notebooks ship with code bugs
Evan Koblentz, Engineering Rewind: HP-35/35th Anniversary Edition anticipated quickly
Robert L. Mitchell, Reality Check: Ink wars: HP's glass fifty percent empty defense
Robert L. Mitchell, Reality Verify: Kodak vs HP ink wars: Select your paper wisely
HP unveils its 1st Linux laptop
Ken Mingis, Mingis on Macs: Mac users 'unbearably smug' about security?
C.J. Kelly's website: Hacking Stupidity 101: In no way hack from house
The eight most harmful client technologies
Read much more about Security in Computerworld's Security Subject Middle.