Esben_D
Lansweeper Employee
Two new vulnerabilities have been fixed for 200+ HP models. You can find the audit in the HP BIOS vulnerability blog post.
3 Comments
snigah
Engaged Sweeper II
Hi,

Question. How can we make it work correctly? We have lots of false positives, because it doesn't compare the current BIOS version against the fixed one.

Just one example:

The R72 is current and 01.20.00, where 01.12.00 is the fixed version.

R72 Ver. 01.20.00 R72 Ver. 01.20.00 3 1 2022-03-18 01.12.00
JakeST
Engaged Sweeper
snigah wrote:
Hi,

Question. How can we make it work correctly? We have lots of false positives, because it doesn't compare the current BIOS version against the fixed one.

Just one example:

The R72 is current and 01.20.00, where 01.12.00 is the fixed version.

R72 Ver. 01.20.00 R72 Ver. 01.20.00 3 1 2022-03-18 01.12.00


Same here. It would be nice to have this compare and only show vulnerable machines, or color code ones that are updated vs ones that aren't.
Esben_D
Lansweeper Employee
I totally agree. The problem is that BIOS versions come in all sizes and shapes and unless I investigate all affected models it's not possible for me to create a condition that will reliably work.

For example, many BIOS versions will have letters in them which would break any comparison of versions when you're trying to check if 20 > 2B.
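
The comparison problem discussed in this thread, as an added example that is not part of any post here and is not Lansweeper's report logic: purely numeric dotted versions are compared component by component, and anything containing letters is sent to manual review instead of being ordered by guesswork. The function names, the status labels and all sample rows except the first (taken from the thread) are assumptions made for illustration.

```python
import re

# Assumed format (from the thread's sample row): "<family> Ver. NN.NN.NN",
# e.g. "R72 Ver. 01.20.00". Anything else is reported as undecidable.
_DOTTED = re.compile(r"(?:^|\s)(?:Ver\.?\s*)?([0-9A-Za-z]+(?:\.[0-9A-Za-z]+)+)\s*$")


def parse_version(text):
    """Return a tuple of ints, or None if the string cannot be ordered safely."""
    match = _DOTTED.search(text.strip())
    if not match:
        return None
    parts = match.group(1).split(".")
    # A component such as "2B" has no agreed ordering against "20": refuse to guess.
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def bios_status(current, fixed):
    """Classify one machine as 'patched', 'vulnerable' or 'review'."""
    cur, fix = parse_version(current), parse_version(fixed)
    if cur is None or fix is None or len(cur) != len(fix):
        return "review"  # hypothetical label: needs a human or a per-model rule
    return "patched" if cur >= fix else "vulnerable"


# Constructed sample rows: (current BIOS string, fixed version).
# Only the first row comes from the thread; the rest are made up for illustration.
SAMPLE_ROWS = [
    ("R72 Ver. 01.20.00", "01.12.00"),
    ("R72 Ver. 01.09.00", "01.12.00"),
    ("X99 Ver. 2B", "20"),
    ("F.20", "F.2B"),
]

if __name__ == "__main__":
    for current, fixed in SAMPLE_ROWS:
        print(f"{current!r:24} fixed={fixed!r:12} -> {bios_status(current, fixed)}")
```

Keeping a separate "review" bucket means an unparseable version is never silently counted as patched, which matters more for a vulnerability audit than reducing the row count.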