-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05239646 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05239646 Version: 1 HPSBHF3549 ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2016-08-17 Last Updated: 2016-08-25 Potential Security Impact: System downtime, or privilege escalation. Source: HP, HP Product Security Response Team (PSRT) VULNERABILITY SUMMARY A security vulnerability identified with UEFI firmware, dubbed ThinkPwn, has been addressed in certain HP commercial notebook PCs and HP consumer notebook PCs. The vulnerability could be exploited to run arbitrary code in System Management Mode, resulting in elevation of privilege or denial of service. References: CVE TBD PSR-2016-0068 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. See impacted products listed in the Resolution section of this document. BACKGROUND For a PGP signed version of this security bulletin please write to: hp-security-alert@hp.com CVSS 2.0 Base Metrics Reference Base Vector Base Score CVE-TBD Temp (AV:N/AC:H/Au:S/C:C/I:C/A:C) Temp 7.1 Information on CVSS is documented in HP Customer Notice: HPSN2008002. RESOLUTION HP has provided firmware updates to address the vulnerability for HP PCs with UEFI Firmware. To acquire the firmware updates, go to hp.com and complete the following steps: 1. On hp.com, select Support and then select Download Drivers. 2. Enter your product name or number in the Find my product field. 3. Choose the product from the returned search results. 4. Choose the operating system. 5. Under the Download Index, select BIOS, and download the BIOS version as listed in the table below. 6. Follow the installation instructions to install the firmware update. HP Commercial Notebook PC, Mobile Thin Client and BIOS HP SoftPaq Tablet Model Version Number HP EliteBook 725 G2 Notebook PC 01.42 sp76950 HP EliteBook 745 G2 Notebook PC 01.42 sp76950 HP EliteBook 755 G2 Notebook PC 01.42 sp76950 HP mt41 Mobile Thin Client 01.41 sp76955 HP ProBook 4435s Notebook PC F.63 sp76954 HP ProBook 4436s Notebook PC F.63 sp76954 HP ProBook 4445s Notebook PC F.64 sp76961 HP ProBook 4446s Notebook PC F.64 sp76961 HP ProBook 445 G1 Notebook PC F.64 sp76956 HP ProBook 445 G2 Notebook PC 01.41 sp76953 HP ProBook 4535s Notebook PC F.63 sp76954 HP ProBook 4545s Notebook PC F.64 sp76961 HP ProBook 455 G1 Notebook PC F.64 sp76956 HP ProBook 455 G2 Notebook PC 01.41 sp76953 HP ProBook 645 G1 Notebook PC 01.41 sp76945 HP ProBook 6465b Notebook PC F.63 sp76967 HP ProBook 6475b Notebook PC F.65 sp76962 HP ProBook 655 G1 Notebook PC 01.41 sp76945 HP ProBook 6565b Notebook PC F.63 sp76967 HP Consumer and SMB Notebooks BIOS HP SoftPaq Version Number HP Pavilion 13-p100 thru 13-p199 x2 (AMD) F.0A sp76822 HP Pavilion 13z-p100 x2 (AMD) F.0A sp76822 HP Pavilion 14-a000 thru 14-a099 (Intel) F.27 sp76846 HP Pavilion 14-e000 thru 14-e199 (Intel) F.27 sp76846 HP Pavilion 14-f000 thru 14-f099 Sleekbook (AMD) F.0B sp76823 HP Pavilion 14-n000 thru 199 (Intel) F.70 sp76803 HP Pavilion 14-n200 thru 299 (Intel) F.70 sp76803 HP Pavilion 14t-a000 (Intel) F.27 sp76846 HP Pavilion 14t-e100 (Intel) F.27 sp76846 HP Pavilion 14t-n100 (Intel) F.70 sp76803 HP Pavilion 14t-n200 (Intel) F.70 sp76803 HP Pavilion 14z-f000 Sleekbook (AMD) F.0B sp76823 HP Pavilion 15-e000 thru 15-e099 (Intel) F.27 sp76846 HP Pavilion 15-e100 thru 15-e199 (Intel) F.27 sp76846 HP Pavilion 15-n000 thru 199 (Intel) F.70 sp76803 HP Pavilion 15-n200 thru 299 (Intel) F.70 sp76803 HP Pavilion 15t-e000 (Intel) F.27 sp76846 HP Pavilion 15t-e100 (Intel) F.27 sp76846 HP Pavilion 15t-n100 (Intel) F.27 sp76846 HP Pavilion 15t-n200 (Intel) F.70 sp76803 HP Pavilion 17-e000 thru 17-e099 (Intel) F.27 sp76846 HP Pavilion 17-e100 thru 17-e199 (Intel) F.27 sp76846 HP Pavilion 17t-e000 (Intel) F.27 sp76846 HP Pavilion 17t-e100 (Intel) F.27 sp76846 HP Pavilion TouchSmart 14-f000 thru 14-f099 F.0B sp76823 Sleekbook HP Pavilion TouchSmart 14-n000 thru 199 Ultrabook F.70 sp76803 (Intel) HP Pavilion TouchSmart 14-n000 thru 299 (Intel) F.70 sp76803 HP Pavilion TouchSmart 14-n200 thru 299 Ultrabook F.70 sp76803 (Intel) HP Pavilion TouchSmart 14t-n100 (Intel) F.70 sp76803 HP Pavilion TouchSmart 14t-n100 Ultrabook (Intel) F.70 sp76803 HP Pavilion TouchSmart 14t-n200 (Intel) F.70 sp76803 HP Pavilion TouchSmart 14t-n200 Ultrabook (Intel) F.70 sp76803 HP Pavilion TouchSmart 14z-f000 Sleekbook (AMD) F.0B sp76823 HP Pavilion TouchSmart 15-n000 thru 15-n299 F.70 sp76803 (Intel) HP Pavilion TouchSmart 15t-n100 (Intel) F.70 sp76803 HP Pavilion TouchSmart 15t-n200 (Intel) F.70 sp76803 System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." REVISION HISTORY Version 1 2016-08-09 Copyright 2016 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJYElOHAAoJEPRuzn0I+N3ZBqYQAJGSgloCzeuYUGUbiR/SgZJD zjI5YTVjy33QLI+BHwDizylpS5s7i9lcic++RcyspfRCBwK/gWVfh1q4Zb8kxyBq xruvGzdG+PfAMPwVhFWDIxLsQAMPUD3/lLt3RimTKiVP70gGWwlaeTJBwDfe4vZh S6LeYg9G/R0/EFDnUxN6sMTVAsICo2f5/puzkUk1pshFDJQ5mR9Se1lrOgHL0jHl Hw2pHey8JmTUI+ORzow82qpJ5BFwmzSz5h5lTGoiuhypWkoamzxAnel4vZrQroFT 2uSB8a2P3Ri1IgP1CgOKOOBrGpXdcZLOk/58KgxZTcdCJIRBVlRFPxrGlOSr4iDP UxEHpGoCcFAT2pC+Q6HWfAEM2ctfjWDZKRvaHcDo6dosHwE+vUHNCt3I5su4M7nn 111kMWhN8yEKZLWoyyX8xCZQSGbW2vEH/iigI4jivbPayr4p19i/C196Z+odAWzg jAF9FA71QneIyVNkyD835LZhIA7mdbMPNlAnP/atuds7ITDfPV57hVWPx0L6YUgH HD2uFIAzX3NnLpTIO550IedPVb8PRWwZCo46D6P4WYReJbboZ5Jgx66Iud59kCOR RlWEQQ0KZ/9u73VfMP3RqUGMC0LezP0nLuJ9Wgb/zo9naUXAfGO5DLPDTDMFjgSs rGtaxS1YeGRPKhs6DJOQ =cB28 -----END PGP SIGNATURE-----