The Omen Gaming Hub, which is preinstalled on HP computers from the Omen series, has a serious security flaw. HP has already started an update for the drivers, the update is strongly recommended for all users.
Millions of HP Omen laptop and desktop gaming computers are exposed to a critical vulnerability that allows threat actors to carry out denial-of-service attacks, elevate user privileges, and disable security solutions. This comes from a report by Bleeping Computer.
HP Omen Gaming Hub Older version PCs are vulnerable
The HP Gaming Hub versions prior to 184.108.40.206 and the HP Omen Gaming Hub SDK package prior to version 1.0.44 are affected. The vulnerabilities were discovered by external security researchers from SentinelOne. They reported the vulnerabilities to HP and now published them after the updates were released: “An exploitable kernel driver vulnerability can lead an unprivileged user to the system because the vulnerable driver is locally available to everyone,” according to the researchers.
“This serious vulnerability CVE-2021-3437, if exploited, could allow anyone on the computer, even without privileges, to increase their privileges and execute code in kernel mode.”
Local attack required
However, it is more difficult for an attacker to exploit the security hole, since direct access to the system is required (local attack). However, as soon as attackers have obtained system rights on the affected HP Omen devices, they can easily deactivate installed security products, overwrite system components with malicious user data, damage the underlying operating system or perform any other malicious tasks.
HP has already made a list of the endangered devices available. It includes Omen and HP Pavilion gaming laptops as well as HP Envy, HP Pavilion, and Omen desktop gaming systems.
Manager at Research Snipers, RS-NEWS, Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.