Software that’s pre-installed on HP computers running Windows since October 2012 expands the potential attack surface for millions of users
In his vulnerability disclosure, Demirkapi said he first reported his findings to HP on October 5, 2019. An update meant to fix the problems was pushed out by HP on December 19, Demirkapi said. However, he also noted that there were still unpatched vulnerabilities after this date and sent another report to HP on January 6, 2020, and another patch was scheduled for release in March. This was delayed because of the ongoing COVID-19 pandemic.