Centennial Article: HP update threatens data leak

HP update threatens data leak

A flaw has been discovered in a tool that is responsible for checking and downloading updates for software and drivers.

The defect is located in Hewlett-Packard Software Update tool within the PHeDiag ActiveX component. Flaws could lead to stored information on PCs being leaked or attackers accessing systems.

Users of Internet Explorer could find that the flaws are exploited after they have been tricked into visiting malicious websites.

Tan Chew Keong, security researcher, discovered the defects and explained that those using Internet Explorer 6 (IE6) were more at risk.

"A successful exploit requires that the user is tricked into visiting a malicious website using IE6 or earlier. If the user uses IE7 he must first be convinced into allowing the ActiveX control to run," said Mr Keong.

PC's linked to printers, scanners or cameras that have the software update facility are at risk from the defect.

Software development has recently been criticised by owner of a web design company Mark Pascall who believes the process should be collaborative and broken down into steps to help prevent flaws.

Learn more about SAM solutions from Centennial Software

About Centennial Software

Centennial Software (www.centennial-software.com) is a leading developer of asset management and network security solutions with more than five million licenses sold to blue-chip organizations around the world. Centennial's growing portfolio of solutions helps organizations better manage their IT infrastructure, maintain compliance and minimize operational risks. Centennial products are available through a global network of approved resellers and market-leading OEM vendors. The company operates offices in the USA, UK, Germany, Sweden and Australia.

• Contact Us
• Privacy Policy

• Sitemap
• Terms of Use

Sign-up for our newsletters!