On 8 March 2022 HP released a number of updates to mitigate potential BIOS vulnerabilities in certain HP products.

These vulnerabilities affect the BIOS or UEFI system, so they are not addressed through Windows Update.

You can check if updates are available for your HP device using the installed HP update application, or by visiting the HP Software and Driver Downloads site.

HP also has advice on updating the BIOS on HP devices at the Customer Support Knowledge Base.

What are the vulnerabilities?

Sixteen potential security flaws have recently been discovered that could allow attackers to perform a number of malicious operations, including:

  • Escalation of Privilege
  • Arbitrary Code Execution
  • Unauthorized Code Execution
  • Denial of Service
  • Information Disclosure

There’s more information available at the HP Customer Support Knowledge Base.

These vulnerabilities exist in the BIOS or UEFI firmware: software that operates ‘below’ your operating system (e.g., Microsoft Windows 10) and makes the various bits of hardware on your device (e.g., the power button) respond and perform corresponding actions in software.

How do I protect myself?

Because the vulnerabilities are located in the BIOS/UEFI systems, it’s likely that many anti-malware solutions that work at the operating system level will not be able to detect malware introduced in this way.

The best way to ensure you are protected against exploitation of these vulnerabilities is to install the updates that HP have published.