- The security flaw tracked as CVE-2021-3437, with a CVSS score of 7.8, impacts millions of devices worldwide.
- HP has patched the vulnerability in the OMEN Command Center driver.
A SentinelLabs researcher found a high-severity vulnerability in the HP OMEN driver software, impacting millions of gaming computers worldwide.
Researchers from SentinelLabs discovered a vulnerability tracked as CVE-2021-3437 with a CVSS score of 7.8 in a driver used by the OMEN Gaming Hub Software.
OMEN Gaming Hub is a software product that comes pre-installed on HP OMEN desktops and laptops. It is used to boost the gaming experience through overclocking, optimising system settings for various gaming profiles, memory and more.
Attackers could exploit these vulnerabilities to escalate to kernel-mode privileges locally. With this level of access, attackers can disable security products, overwrite system components with malicious payloads, corrupt the operating system, or perform any malicious operations they choose.
The list of software products affected by this flaw comprises:
- HP OMEN Gaming Hub prior to version 188.8.131.52
- HP OMEN Gaming Hub SDK Package prior to 1.0.44
“An exploitable kernel driver vulnerability can lead an unprivileged user to SYSTEM, since the vulnerable driver is locally available to anyone,” explained SentinelOne researchers in a report.
HP released patches for this high-severity vulnerability on July 27 via the Microsoft Store and published a security advisory.
SentinelOne warns users to update their software and take appropriate mitigation measures without delay.
“While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, using any OMEN-branded PC with the vulnerable driver utilised by OMEN Gaming Hub makes the user potentially vulnerable,” SentinelOne warned.
The post HP OMEN Gaming Hub flaw hits millions of gaming devices appeared first on SecureReading.