-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2014-008

Title: UPDATED BIOS update for Hewlett Packard server products

Version history:
19.02.2014 Initial publication

Summary
=======

There is a BIOS update for the HP ProLiant G7 server. Some of the APTs that have been discovered in the past months take advantage of BIOS vulnerabilities.

Unlike the OS and common applications, whose life cycles are always on the minds of system and security administrators, firmware updates are sometimes not taken into account. Reasons for that could be the many combinations of manufacturers and models, the risk of the firmware deployment from the backup point of view, and the lack of automation for the process with some vendors.

Vulnerable systems
==================

HP ProLiant G7 server.

What can you do?
================

The intent of this advisory is to remind system administrators to investigate the particular makes and models employed in their organization and to check whether there are security advisories or new versions of the firmware, adding this issue to their life-cycle management and operations programs. In addition, it can be useful to review some of the standardizations and baseline proposals on this subject.
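
One way to make the firmware check described above part of routine operations, as an added example that is not part of the CERT-EU advisory: a Python audit that compares each host's BIOS release date with a per-model baseline. It assumes the inventory is collected as `dmidecode -t bios -t system` output; the baseline date, host names and sample inventory are constructed placeholders.

```python
from datetime import date, datetime

# Assumption: oldest acceptable BIOS release date per model (placeholder date).
BASELINE = {"ProLiant DL380 G7": date(2014, 1, 1)}

def dmi(model, released):
    """Constructed text shaped like `dmidecode -t bios -t system` output."""
    rel = f"\tRelease Date: {released}\n" if released else ""
    return ("BIOS Information\n\tVendor: HP\n" + rel +
            f"\nSystem Information\n\tProduct Name: {model}\n\tVersion: Not Specified\n")

# Constructed sample inventory; host names and dates are made up.
SAMPLE = {
    "srv-01": dmi("ProLiant DL380 G7", "02/10/2014"),
    "srv-02": dmi("ProLiant DL380 G7", "05/05/2011"),
    "srv-03": dmi("ProLiant BL460c G7", "12/01/2013"),
    "srv-04": dmi("ProLiant DL380 G7", None),
}

def parse_dmi(text):
    """Map 'Section/Key' -> value for the indented 'Key: value' lines."""
    fields, section = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            section = line.strip()          # unindented line starts a section
        elif section and ":" in line:
            key, _, value = line.strip().partition(":")
            fields.setdefault(f"{section}/{key}", value.strip())
    return fields

def audit(inventory, baseline):
    """Return {host: 'ok' | 'outdated' | 'no-baseline' | 'unparsed'}."""
    report = {}
    for host, text in inventory.items():
        f = parse_dmi(text)
        model = f.get("System Information/Product Name")
        try:
            raw = f.get("BIOS Information/Release Date", "")
            released = datetime.strptime(raw, "%m/%d/%Y").date()
        except ValueError:
            report[host] = "unparsed"       # missing or odd date: check by hand
            continue
        if model not in baseline:
            report[host] = "no-baseline"    # model nobody tracks yet
        else:
            report[host] = "ok" if released >= baseline[model] else "outdated"
    return report

if __name__ == "__main__":
    print(audit(SAMPLE, BASELINE))
```

Hosts reported as `no-baseline` are the models that nobody is tracking yet, which is the gap the advisory asks administrators to close.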

More information
================

[1] http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdHome/?javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken&javax.portlet.prp_bd9b6997fbc7fc515f4cf4626f5c8d01=wsrp-navigationalState%3DswEnvOID%253D4091%257CswLang%253D%257Caction%253DlistDriver&javax.portlet.tpst=bd9b6997fbc7fc515f4cf4626f5c8d01&sp4ts.oid=4091432&ac.admitted=1390401372137.876444892.199480143#BIOS%20-%20System%20ROM
[2] https://www.sans.org/reading-room/whitepapers/basics/implementing-pc-hardware-configuration-bios-baseline-34370
[3] http://csrc.nist.gov/publications/drafts/800-147b/draft-sp800-147b_july2012.pdf

CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
-----END PGP SIGNATURE-----