
Privacy Ninja

HP Fixes Severe Bug in Pre-installed Support Assistant Tool

HP issued a security advisory alerting users about a newly discovered vulnerability in HP Support Assistant, a software tool that comes pre-installed on all HP laptops and desktop computers, including the Omen sub-brand.

HP Support Assistant is used to troubleshoot issues, perform hardware diagnostic tests, dive deeper into technical specifications, and even check for BIOS and driver updates on HP devices.

The flaw, discovered by researchers at Secure D and reported to HP, is tracked as CVE-2022-38395 and has a “high” severity score of 8.2, as it enables attackers to elevate their privileges on vulnerable systems.

Figure: CVSS scope analysis for CVE-2022-38395 (First.org)

While the computer maker hasn’t provided many details about the security issue, the advisory mentions that it’s a DLL hijacking flaw triggered when users attempt to launch HP Performance Tune-up from within HP Support Assistant.

DLL hijacking happens when a malicious actor places a DLL containing malicious code in the same folder as the abused executable, exploiting Windows’ search-order logic, which consults the application’s own directory before the System32 directory.

Figure: The subsystem that can trigger the DLL hijacking attack

The code in the planted library runs with the privileges of the abused executable, in this case HP Support Assistant running with ‘SYSTEM’ privileges.

Hence, CVE-2022-38395 can be exploited by attackers who have already established their presence on a system via low-privileged malware or a RAT tool.
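The search-order behaviour described above is what an auditor checks for when deciding whether an application folder is a privilege-escalation risk. The following Python script is an added example and is not code from HP or from Secure D: it models the default Windows DLL search order (SafeDllSearchMode enabled), then reports, for each DLL an executable loads, where the loader would take it from and which user-writable directories are searched before that point. The application path, directory contents, DLL names and the abbreviated KnownDLLs list are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

SYSTEM32 = r"C:\Windows\System32"


@dataclass
class Directory:
    """Snapshot of one directory: the file names present and whether a
    standard (non-admin) user can create or replace files in it."""
    files: Set[str]
    writable_by_standard_user: bool


@dataclass
class Finding:
    dll: str
    resolved_from: Optional[str]   # None means the DLL is missing entirely
    plantable_dirs: List[str]      # user-writable dirs searched before (or at) resolution
    escalation_risk: bool          # plantable and the process runs elevated


def search_order(app_dir: str, cwd: str, path_entries: List[str]) -> List[str]:
    """Default Windows search order with SafeDllSearchMode enabled: the
    executable's own directory is consulted before System32, which is the
    ordering a hijack in an application folder relies on."""
    return [app_dir, SYSTEM32, r"C:\Windows\System", r"C:\Windows", cwd, *path_entries]


def resolve(dll: str, order: List[str], fs: Dict[str, Directory],
            known_dlls: Set[str]) -> Optional[str]:
    """Return the directory the loader would take `dll` from, or None.
    DLLs on the KnownDLLs list are always mapped from System32 regardless of
    the search order, so they short-circuit the lookup."""
    name = dll.lower()
    if name in known_dlls:
        return SYSTEM32
    for d in order:
        entry = fs.get(d)
        if entry and name in {f.lower() for f in entry.files}:
            return d
    return None


def audit(dlls: List[str], order: List[str], fs: Dict[str, Directory],
          known_dlls: Set[str], runs_elevated: bool) -> List[Finding]:
    findings = []
    for dll in dlls:
        resolved = resolve(dll, order, fs, known_dlls)
        if dll.lower() in known_dlls:
            plantable: List[str] = []
        else:
            # Every directory searched up to and including the resolving one is
            # a candidate: a DLL planted earlier wins, and a writable resolving
            # directory lets the legitimate file be replaced. A DLL that is not
            # found anywhere ("phantom DLL") makes every writable directory in
            # the order a candidate. Directories absent from the snapshot are
            # treated as not writable.
            stop = order.index(resolved) + 1 if resolved else len(order)
            plantable = [d for d in order[:stop]
                         if d in fs and fs[d].writable_by_standard_user]
        findings.append(Finding(dll, resolved, plantable, bool(plantable) and runs_elevated))
    return findings


# Constructed sample: a vendor tool folder with a misconfigured ACL that lets
# standard users write to it, plus a user profile directory as the CWD.
APP_DIR = r"C:\Program Files\ExampleVendor\SupportTool"
CWD = r"C:\Users\alice"
SAMPLE_FS = {
    APP_DIR: Directory({"supporttool.exe", "helper.dll"}, writable_by_standard_user=True),
    SYSTEM32: Directory({"version.dll", "kernel32.dll"}, writable_by_standard_user=False),
    CWD: Directory({"notes.txt"}, writable_by_standard_user=True),
}
KNOWN_DLLS = {"kernel32.dll"}  # abbreviated; the real list lives under HKLM\...\KnownDLLs


def run_sample() -> Dict[str, Finding]:
    order = search_order(APP_DIR, CWD, [r"C:\Tools"])
    dlls = ["version.dll", "kernel32.dll", "helper.dll", "missing.dll"]
    return {f.dll: f for f in audit(dlls, order, SAMPLE_FS, KNOWN_DLLS, runs_elevated=True)}


if __name__ == "__main__":
    for f in run_sample().values():
        print(f"{f.dll:13} loaded from {f.resolved_from or '<missing>'}; "
              f"plantable in {f.plantable_dirs or 'nothing'}; escalation risk={f.escalation_risk}")
```

The useful output is the `plantable_dirs` list: an application directory that standard users can write to, combined with a service or helper that runs as SYSTEM, is the condition the advisory describes. The mitigation is the same whether the DLL is legitimately present or missing: restrict write access on the application folder to administrators, and have the application load its libraries by full path or through `LoadLibraryEx` with a restricted search flag.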

Still, due to the large number of devices with HP Support Assistant installed and the low complexity of exploitation, it is recommended that all HP users upgrade Support Assistant as soon as possible.

HP recommends that customers using version 9.x update to the latest version of Support Assistant via the Microsoft Store.

Those using the older version 8.x won’t receive a security update, so they are advised to move to the newer branch. To do that, open the software, go to the “About” section, and click “check for updates.”

This is not the first time HP’s pre-installed self-help tools have created security risks for users, and not even the first time for Support Assistant in particular.

In April 2020, it was revealed that HP Support Assistant suffered from at least ten elevation of privilege and remote code execution vulnerabilities, some remaining unpatched since October 2012 and for a year after their disclosure to HP.

Considering the above, if you don’t need or use your computer vendor’s bloatware, deleting these tools would remove all associated risks.
