Do you own an HP Omen, Envy, or Pavilion gaming laptop or desktop? You're certainly not alone if you do. These are wildly popular and incredibly versatile models that have sold millions of units worldwide. Unfortunately, there's a problem: a serious security flaw in a driver used by the Omen gaming software. The software comes pre-loaded on all HP Omen laptops and desktops, and the flaw can be abused by hackers to take control of a target system.
This flaw is being tracked as CVE-2021-3437. It was caused by HP's decision to use vulnerable code that was copied in part from an open source driver.
The Omen Gaming Hub can be used on any PC to boost the gaming experience through overclocking and highly optimized gaming profiles that adjust system settings depending on what game you're playing.
The software can be downloaded on any PC, but as mentioned, it comes pre-installed on several of HP's most popular models. As a result, the flaw in the HP Gaming Hub software can potentially put millions of users at risk.
If there's a silver lining, it lies in the fact that HP acted quickly and has already patched the issue. In fact, a fix has been available since July of this year (2021). If you use the Gaming Hub application, be sure to check the version you've got installed.
If you're using HP Omen Gaming Hub 11.6.3.0 or earlier, you'll want to update right away. If you're using an HP Omen Gaming Hub SDK package prior to 1.0.44, you'll likewise want to grab the latest version.
So far, there have been no reports of this bug being exploited in the wild. It's still a potentially serious issue, though, so if you are currently using a vulnerable version of the software, upgrade right away just to be safe.
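For anyone checking more than one machine, here is an added example (not HP's code and not part of the original article) that triages a software inventory export against the two version thresholds above. The CSV layout, host names and product labels are assumptions, and the sample rows are constructed. Versions are compared numerically per component, because a plain string comparison would rank 11.10.0.0 below 11.6.3.0.

```python
import csv
import io

# Thresholds as stated in the article; the product labels are assumed inventory names.
RULES = {
    "HP Omen Gaming Hub": ((11, 6, 3, 0), True),    # this version or earlier is affected
    "HP Omen Gaming Hub SDK": ((1, 0, 44), False),  # only versions before this are affected
}

def parse_version(text):
    """Turn '11.6.3.0' into (11, 6, 3, 0); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def pad(a, b):
    """Right-pad the shorter tuple with zeros so 11.6.3 compares equal to 11.6.3.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))

def classify(product, version_text):
    """Return 'vulnerable', 'ok', 'unknown-version' or 'not-applicable'."""
    rule = RULES.get(product)
    if rule is None:
        return "not-applicable"
    limit, inclusive = rule
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown-version"  # needs a manual look, never assumed safe
    version, limit = pad(version, limit)
    affected = version <= limit if inclusive else version < limit
    return "vulnerable" if affected else "ok"

# Constructed sample inventory (hypothetical hosts, assumed column names).
SAMPLE = """host,product,version
pc-01,HP Omen Gaming Hub,11.6.3.0
pc-02,HP Omen Gaming Hub,11.10.0.0
pc-03,HP Omen Gaming Hub SDK,1.0.5
pc-04,HP Omen Gaming Hub SDK,1.0.44
pc-05,HP Omen Gaming Hub,unknown
"""

def triage(csv_text):
    """Map each host in the CSV to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```

Rows reported as `unknown-version` should be checked by hand on the machine itself.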

 


