Notification

Icon
Error

HP BIOS Vulnerability

Posted: Thursday, May 12, 2022 1:10:58 PM(UTC)
Esben.D

Esben.D

Member Administration Original PosterPosts: 2,187
1
Like
Two new vulnerabilities have been fixed for 200+ HP models, you can find the audit in the HP BIOS vulnerability blog post.
snigah
#1snigah Member Posts: 14  
posted: 5/18/2022 9:28:00 PM(UTC)
Hi,

Question. How can we make it work correct. we have lots of false positives, because it doesn't compare current Bios version against the fixed one.

Just one example:

the R72 is current and 01.20.00 where 01.12.00 is the fixed version.

R72 Ver. 01.20.00 R72 Ver. 01.20.00 3 1 2022-03-18 01.12.00
JakeST
#2JakeST Member Posts: 2  
posted: 5/19/2022 3:43:06 PM(UTC)
Originally Posted by: snigah Go to Quoted Post
Hi,

Question. How can we make it work correct. we have lots of false positives, because it doesn't compare current Bios version against the fixed one.

Just one example:

the R72 is current and 01.20.00 where 01.12.00 is the fixed version.

R72 Ver. 01.20.00 R72 Ver. 01.20.00 3 1 2022-03-18 01.12.00


Same here. It would be nice to have this compare and only show vulnerable machines, or color code ones that are updated vs ones that aren't.
Esben.D
#3Esben.D Member Administration Original PosterPosts: 2,187  
posted: 5/20/2022 8:44:52 AM(UTC)
I totally agree. The problem is that BIOS versions come in all sizes and shapes and unless I investigate all affected models it's not possible for me to create a condition that will reliably work.

For example, many BIOS versions will have letters in them which would break any comparison of versions when you're trying to check if 20 > 2B.

Active Discussions

Lansweeper mail reports
by  Andy.S   Go to last post Go to first unread
Last post: 7/1/2022 2:38:18 PM(UTC)
Lansweeper Adding an "Employee ID" column to an asset report
by  ABaker  
Go to last post Go to first unread
Last post: 6/30/2022 3:06:54 PM(UTC)
Lansweeper Firefox 102 & ESR 91.11
by  Esben.D   Go to last post Go to first unread
Last post: 6/30/2022 8:12:07 AM(UTC)
Lansweeper Performance report not shows result
by  NoraD  
Go to last post Go to first unread
Last post: 6/28/2022 7:52:27 AM(UTC)
Lansweeper Duplicate AD Users
by  Randy Costa   Go to last post Go to first unread
Last post: 6/27/2022 5:25:04 PM(UTC)
Lansweeper Multiple Devices Owned by Users (asset relations)
by  Adrian Scott  
Go to last post Go to first unread
Last post: 6/22/2022 5:34:51 PM(UTC)