Zero Day Flaw Affects 82 HP Laptop Models

Hewlett-Packard (HP) has issued an hp.com warning regarding a gaping security hole that affects 82 laptop models running Windows 2000, Windows XP and Windows Vista.  According to reports from the company, the 'backdoor' could put users at risk for drive-by code execution attacks. (Source: zdnet.com)

The 82 laptop models are listed in the advisory from HP as open to the ActiveX vulnerability found on the HP Info Center software. A roadmap for exploiting the vulnerability is making rounds on the Internet. HP has rated the issue as "critical."

To run the exploit, all the laptop owner has to to is visit a malicious web site while using Microsoft's Internet Explorer. Risks include remote code execution, remote system registry read/write access and remote shell command execution.

The ActiveX control that is vulnerable is identified as HPInfoDLL.dll, marked as "Safe for Scripting" by default.

At the bottom of the HP warning are instructions for applying the 'patch.' The patch does not immediately fix the vulnerability, but disables the HP Info Center software instead. The 'patch' (sp38166) can be downloaded from hp.com.

Visit Bill's Links and More for more great tips, just like this one!

Related articles:

Stay Informed: Subscribe Free to Infopackets, Today! Get your daily fix of Microsoft Windows news, reviews, tech tips, plus free software (freeware) goodies daily -- all absolutely free -- delivered straight to your email inbox! Bonus: join our website today and you'll also receive our highly coveted Top 10 Tech Reports, including: Top 10 PC Security Essentials, Windows Optimization Secrets, Top Freeware Antivirus, MS Office alternatives and more. Don't delay: subscribe today! Click here for more info.

Infopackets Game of the Week

Secrets of the Dark: Eclipse Mountain Collector's Edition

Click here to read more.