HP business notebooks: Privilege escalation in hotkey support

HP warns of a security vulnerability in the HP Hotkey Support software, which provides the functions for the quick access keys such as volume control on the keyboard, of numerous business notebooks. Attackers can use this to extend their rights in the system. However, software updates are available to fix the problem.

A vulnerability has been discovered in the HP Hotkey Support software, Hewlett Packard explains in a security release. It allows attackers to extend their rights (CVE-2024-27458, CVSS 8.8, risk"high"). The vulnerability therefore just misses being classified as a critical risk. However, HP does not provide any further details on how the vulnerability can be exploited or how successful attacks can be fended off.

Updates for affected devices

The security notice lists the affected devices. These are primarily HP business notebooks from the Elite, Elitebook, Pro, Probook and ZBook series. In each case, different versions are affected, such as the Firefly, Fury and Studio variants of the ZBook series. HP also adds that the HP Engage Go 10 and 13.5 point-of-sale systems are also vulnerable.

The list links to a Softpaq containing the updated hotkey support software for the individual affected devices: SP154474. Anyone using HP business notebooks should therefore check the list to see if their own devices appear on it and download and install the updated software on vulnerable notebooks.

Alternatively, admins can also download and install the HP Support Assistant. When running and searching for updates, this should find the updated hotkey support software and any other updates and then download and install them at the touch of a button.

Read also

BIOS vulnerability puts countless HP PCs at risk

At the end of July, HP recently had to deal with more serious security vulnerabilities in its PCs. A BIOS security vulnerability compromised countless Hewlett Packard desktop computers.

(dmk)