Friday, January 18, 2008

HP notebook critical vulnerability - Quick Launch

HP is emailing customers about a critical vulnerability in its laptops. This vulnerability enables attackers to run programs on laptops remotely, and allows them to change registry settings remotely.

Other than the fact of the vulnerability itself, the other concerning part is in the details of the notification:

  • “Discontinuing use of the Quick Launch Buttons or the respective software does not eliminate this vulnerability.

  • Deleting the Quick Launch Buttons shortcut(s) and/or program files or folders does not eliminate this vulnerability.

  • Removing (un-installing) the Quick Launch Buttons software does not eliminate this vulnerability.”
I’m sure there will be some people who read only part of the document and decide that they will remove their risk simply by not using the software or deleting it.

Link to HP article

No comments: