back to article One month after Black Hat disclosure, HP's enterprise kit still unpatched

Multiple high-severity firmware bugs in HP's business computers remain unpatched, some more than a year after Binarly security researchers disclosed the vulnerabilities to HP and then discussed them at the Black Hat security conference last month. This means that the vulnerabilities, with severity scores ranging from 7.5 to 8. …

  1. Joe W Silver badge

    Once upon a time...

    .... HP had engineers. I fondly remember lengthy discussions with one of them about some things we tried to do with a programmable function generator, which worked out.... ok-ish (not the engineer's fault, but rather a limitation of the function generator - and we did not have the funds to buy another one). Then this part of HP got spun out as "Agilent" (who continued doing great stuff - not sure about right now, I am no longer in that field).

    Same with printers. The old Laserjets were monsters - and reliable. The newer ones? We had a colour Laserjet where the toner cassettes were installed one atop the other on the side of the printer. Every 6 to 8 months we had to take that toner stack apart and thoroughly clean it - dust from the upper cassettes ended up un the lower ones, seriously messing up the colours. Not fun. And messy (though one of my mates / colleagues had all sorts of tricks and could do that really quite fast).

    And likely the same with laptops etc.

    And UEFI is a bloody mess anyways. Always has been. Complexity is the enemy of a robust and easy to fix system - but complexity caused by the requirements (yeah, I get the idea behind UEFI etc. - doesn't mean I must like it).

    1. Captain Scarlet Silver badge

      Re: Once upon a time...

      Ah yes HP had some very good engineers (same as IBM and Extreme Networks), 4250 is the last time I saw one.

      It then went to another company, engineers were good enough but obviously didn't have full knowledge. One unfortunate engineer was onsite almost 2 days and basically replaced everything in a P3015DTN with additional trays due to a sticky sensor and lack of sensors compared to the P4015 series.

      We did just under the recommended duty cycle and to give the warehouse more room we went for the P3015 series. The P4015 had additional sensors in the paperpath around the print engine where as the P3015 had one. It was sticking so the printer thought paper had not left the print engine.

      Obviously learnt from my mistake, but we got a brand new P3015 out of it minus the outside casing.

    2. BOFH in Training Silver badge

      Re: Once upon a time...

      I was in HP when Carly took over and Compaq merger happened.

      I left soon after, by choice, after the R&D test lab I was in got outsourced.

      Met a bunch of smart people while I was there. Many left around the time I left.

    3. Anonymous Coward
      Anonymous Coward

      Re: Once upon a time...

      Just watched a HP laptop update a UEFI BIOS - percentage progress bar counting through 32MB, couldn't help thinking that I had PC's with less RAM than that!!

  2. Pascal Monett Silver badge

    ""Security is always a top priority for <company>"

    PR bullshit alert.

    That's always the line they trot out when they have demonstrated that they don't give a damn.

    If it was a "top priority", you'd have fixed the problem by now, or at least, announced when a fix would be available.


    1. John Brown (no body) Silver badge

      Re: ""Security is always a top priority for <company>"

      Note that they said "a top priority". Not "our top priority" or "the top priority".

      Clearly they have other "top priorities" too. Like profit margins, C-level bonuses, corporate buy-out at over-inflated prices etc.

      1. Anonymous Coward
        Anonymous Coward

        Re: ""Security is always a top priority for <company>"

        Security is a top priority - DRM for toner and ink cartridges for example!

  3. Anonymous Coward
    Anonymous Coward

    HP Enterprise.... Not the same as HP

    HP Enterprise does not make notebooks, laptop, PCs, printers etc. That is the other HP company.

    HP Enterprise makes Servers, Greenlake Cloud services and Ezmeral Cloud services as well as few storage and networking bits...

    1. Sandtitz Silver badge

      Re: HP Enterprise.... Not the same as HP

      "HP Enterprise does not make notebooks, laptop, PCs, printers etc. That is the other HP company."

      HP not only makes consumer junk, but enterprise grade notebooks, PCs and printers.

      HPE is not mentioned, nor is the 'enterprise' capitalised. Read harder.

      1. Anonymous Coward
        Anonymous Coward

        Re: HP Enterprise.... Not the same as HP

        I did read it several times. And the phrase that stands out is HP enterprise. While grammar matters and all should be up to speed. HP enterprise reads and sounds the same as HP Enterprise. Changing the term to professional or business would allow for the same definition without the confusion. Do you not agree ?

        1. envida

          Re: HP Enterprise.... Not the same as HP

          Of course the more consumery business is called hp, not a Hewlett Packard in sight but the more enterprisey business is called Hewlett Packard Enterprise, not HP enterprise. To me anything worded as HP in an article like this will refer to hp inc and anything worded as Hewlett Packard Enterprise or HPE would refer to Hewlett Packard Enterprise Company, nothing really to get confused about.

          If you follow the links in the article they take you to the consumery hp website

          1. Anonymous Coward
            Anonymous Coward

            Re: HP Enterprise.... Not the same as HP

            I tend to fiddle/install a fair amount of HP software, like JetAdmin and some of their other stuff. Looking in my Programs Files folder, I have folder names like


            HP Inc


            Hewlett Packard Enterprise

            HPE Product Bulletin Gateway

            Also one called Compaq - does that count?????

            Nothing like consistency!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like