- ITDM 2025 전망 | “비전을 품은 기술 투자, 모두가 주춤한 시기에 진가 발휘할 것” 컬리 박성철 본부장
- 최형광 칼럼 | 2025 CES @혁신기술 리터러시
- The Model Context Protocol: Simplifying Building AI apps with Anthropic Claude Desktop and Docker | Docker
- This robot vacuum and mop performs as well as some flagship models - but at half the price
- Finally, a ThinkPad model that checks all the boxes for me as a working professional
Serious Flaw Found in HP OMEN Driver
A serious flaw has been found in the driver of a popular PC gaming software used by millions.
Researchers from SentinelLabs published details of the vulnerability in the HP Omen Gaming Hub on September 14. They said that attackers could exploit the flaw to locally escalate to kernel-mode privileges.
“With this level of access, attackers can disable security products, overwrite system components, corrupt the OS, or perform any malicious operations unimpeded,” wrote researchers.
Omen comes preinstalled on all HP OMEN desktops and laptops and can be used to control and optimize settings such as device GPU, fan speeds, CPU overclocking, memory and more.
The vulnerability was reported to HP on February 17, 2021, and was later given a Common Vulnerability Scoring System (CVSS) score of 7.8, making it a high-severity flaw.
No evidence of the flaw’s being exploited in the wild was discovered by SentinelOne.
“While we haven’t seen any indicators that these vulnerabilities have been exploited in the wild up till now, using any OMEN-branded PC with the vulnerable driver utilized by OMEN Gaming Hub makes the user potentially vulnerable,” noted researchers. “Therefore, we urge users of OMEN PCs to ensure they take appropriate mitigating measures without delay.”
Commenting on the newly unearthed flaw, Jamie Boote, security consultant at the Synopsys Software Integrity Group, said, “With the rise of remote workers during the Covid-19 Pandemic, the collision between corporate IT environments and personal hardware will only rise as employees supply more of their own hardware to continue to customize and equip their home offices.
“It is impossible to anticipate all potential driver and hardware vulnerabilities that can arise from these situations, so it is important for IT departments to recognize and react to threats such as these when they’re made public.”
Boote added that the enforcement of proactive security measures such as keeping up with threat intelligence feeds, limiting software installations to only approved software sources and maintaining approved workstation images can limit the impact of threats such as this gaming hub privilege escalation bug.
“Perhaps this vulnerability is a reminder of why it’s called ‘The Bleeding Edge,’” said Boote.