Security News > 2020 > April > Pre-Installed Utility Renders HP Computers Vulnerable to Attacks
A security researcher discovered multiple vulnerabilities in HP Support Assistant, a utility pre-installed on all HP computers sold after October 2012.
While there are mitigations in place, HP Support Assistant is insecure by design, the researcher says.
"This is because core components, such as the HP Web Product Detection rely on access to the service and run in an unprivileged context. The fact is, the current way the HP Service is designed, the service must be able to receive messages from unprivileged processes. There will always be a way to talk to the service as long as unprivileged processes are able to talk to the service," the researcher notes.
The researcher disclosed all vulnerabilities to HP in a responsible manner, and the company rolled out patches, but it seems that it failed to address all of the identified issues.
According to Demirkapi, users can mitigate the security risks posed by HP's utility by completely removing it from their computers.