HP releases critical patch for nearly all laptops

In a move to discreetly remedy a design flaw in its shortcut tool, HP Info Center, which is used in 100 different HP laptop models, the company has released a patch which kills both the bug and Info Center.
Written by Liam Tung, Contributing Writer

News of the bug emerged on the security news bulletin Bugtraq on 11 December, reported by a researcher using the name "porkythepig". The researcher discovered that flaws in HPInfoDLL.dll -- one of the ActiveX controls used within the HP Info Center -- could allow remote attackers to target the laptop and also execute registry changes on the compromised machine.

The flaw affects 15 variations of its Compaq Presario Notebook PC series, three HP Notebook 500 model series, 46 HP Compaq Notebook PC series, 14 HP Pavilion Notebook PC Series, as well as other models, according to HP's security notice. One hundred models in total are affected by the flaw.

The patch removes the security vulnerability by disabling HP Info Center.

Although exploiting the flaw requires an owner of an affected HP laptop to visit a specially crafted Web site, HP has labelled the flaw critical.

"Porkythepig" reported an attacker could lure a victim to a specially created Web site, which, if viewed through Internet Explorer, allows the ActiveX control within HP Info Center to be compromised.

The flaw potentially allows an attacker to install malware, change registry information in preparation for a more sophisticated attack, use the machine in a denial-of-service attack on itself or another target, or steal sensitive data from documents on the compromised machine.

CNet News.com's Robert Vamosi contributed to this article.