HP Support Assistant DLL hijacking vulnerability could grant attackers privilege escalation


HP has issued a warning about a security issue with its HP Support Assistant software. Pre-installed on numerous HP systems, and included with the installation of various products from the company, HP Support Assistant has been found to have a privilege escalation vulnerability.

Tracked as CVE-2022-38395 and assigned a score of 8.2, the vulnerability is of high severity. The good news is that a fix is available.


In a customer support notice posted in its Knowledge Base entitled "Privilege escalation in HP Support Assistant", HP says: "HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up".

The company goes on to offer some advice:

HP strives to address all security issues with HP Support Assistant at best possible speed and make the latest version available with the fixes. HP recommends that customers update to the latest version of HP Support Assistant that includes fixes to above listed issues by turning on automatic updates in the HP Support Assistant settings. If the system has HP Support Assistant version 8x, HP advises customers to upgrade to HP Support Assistant version 9 by going to the About section and checking for updates. If the system has HP Support Assistant version 9, HP recommends keeping Microsoft Store updates turned on so that the application is always kept up to date.

Alternately, customers can also get the latest version at https://www.hp.com/go/hpsupportassistant.

HP recommends keeping your system up to date with the latest firmware and software.


© 1998-2022 BetaNews, Inc. All Rights Reserved.