
HP fixes severe bug in pre-installed Support Assistant tool
2022-09-07 18:06

HP issued a security advisory alerting users about a newly discovered vulnerability in HP Support Assistant, a software tool that comes pre-installed on all HP laptops and desktop computers, including the Omen sub-brand.

HP Support Assistant is used to troubleshoot issues, perform hardware diagnostic tests, dive deeper into technical specifications, and even check for BIOS and driver updates on HP devices.

While the computer maker hasn't provided many details about the security issue, the advisory mentions that it's a DLL hijacking flaw triggered when users attempt to launch HP Performance Tune-up from within HP Support Assistant.

Still, due to the large number of devices with HP Support Assistant installed and the low complexity of exploitation, it is recommended that all HP users upgrade Support Assistant as soon as possible.

HP recommends that customers using version 9.x update to the latest version of Support Assistant via the Microsoft Store.

In April 2020, it was revealed that HP Support Assistant suffered from at least ten elevation of privilege and remote code execution vulnerabilities, some remaining unpatched since October 2012 and for a year after their disclosure to HP. Considering the above, if you don't need or use your computer vendor's bloatware, deleting these tools would remove all associated risks.


News URL

https://www.bleepingcomputer.com/news/security/hp-fixes-severe-bug-in-pre-installed-support-assistant-tool/


Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
HP 8943 137 712 483 661 1993