A significant flaw has been uncovered in the driver of a well-known Laptop gaming software program utilised by thousands and thousands.
Researchers from SentinelLabs published details of the vulnerability in the HP Omen Gaming Hub on September 14. They mentioned that attackers could exploit the flaw to regionally escalate to kernel-mode privileges.
“With this stage of obtain, attackers can disable security solutions, overwrite process elements, corrupt the OS, or execute any malicious functions unimpeded,” wrote researchers.
Omen will come preinstalled on all HP OMEN desktops and laptops and can be applied to command and improve options such as gadget GPU, admirer speeds, CPU overclocking, memory and much more.
The vulnerability was reported to HP on February 17, 2021, and was afterwards provided a Widespread Vulnerability Scoring Program (CVSS) rating of 7.8, making it a large-severity flaw.
No proof of the flaw’s currently being exploited in the wild was uncovered by SentinelOne.
“While we have not seen any indicators that these vulnerabilities have been exploited in the wild up until now, using any OMEN-branded Pc with the vulnerable driver used by OMEN Gaming Hub makes the user possibly susceptible,” pointed out researchers. “Therefore, we urge people of OMEN PCs to assure they choose correct mitigating actions with out delay.”
Commenting on the freshly unearthed flaw, Jamie Boote, security specialist at the Synopsys Computer software Integrity Team, claimed, “With the rise of remote staff during the Covid-19 Pandemic, the collision among company IT environments and personalized hardware will only rise as employees offer extra of their have components to continue on to customise and equip their house workplaces.
“It is difficult to foresee all probable driver and hardware vulnerabilities that can arise from these cases, so it is critical for IT departments to acknowledge and respond to threats these types of as these when they’re built general public.”
Boote extra that the enforcement of proactive security actions these kinds of as retaining up with danger intelligence feeds, restricting software installations to only accredited software program sources and preserving approved workstation photos can limit the effects of threats this sort of as this gaming hub privilege escalation bug.
“Perhaps this vulnerability is a reminder of why it is termed ‘The Bleeding Edge,’” said Boote.
Some components of this posting are sourced from: