HP Support Assistant DLL hijacking vulnerability could grant attackers privilege escalation
HP has issued a warning about a security issue with its HP Support Assistant software. Pre-installed on numerous HP systems, and included with the installation of various products from the company, HP Support Assistant has been found to have a privilege escalation vulnerability.
Tracked as CVE-2022-38395 and assigned a score of 8.2, the vulnerability is of high severity. The good news is that a fix is available.
In a customer support notice posted in its Knowledge Base entitled "Privilege escalation in HP Support Assistant", HP says: "HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up".
The company goes on to offer some advice:
HP strives to address all security issues with HP Support Assistant at best possible speed and make the latest version available with the fixes. HP recommends that customers update to the latest version of HP Support Assistant that includes fixes to the above listed issues by turning on automatic updates in the HP Support Assistant settings. If the system has HP Support Assistant version 8x, HP advises customers to upgrade to HP Support Assistant version 9 by going to the About section and checking for updates. If the system has HP Support Assistant version 9, HP recommends keeping Microsoft Store updates turned on so that the application is always kept up to date.
Alternately, customers can also get the latest version at https://www.hp.com/go/hpsupportassistant.
HP recommends keeping your system up to date with the latest firmware and software.