HP has issued a warning about a vulnerability in its much-loved Support Assistant tool.
The flaw in the service, which comes preinstalled on all HP laptops and desktops, was discovered by Secure D researchers, who noted it as being of particular concern, with a “high” severity score of 8.2.
The experts say that cyber attackers can use an infected HP Support Assistant tool to increase their privileges on vulnerable systems and gain unauthorized access.
HP Support Assistant Vulnerability
An advisory from HP says the DLL hijacking issue is triggered when users launch HP Performance Tuneup from HP Support Assistant, an app designed to help computer users troubleshoot, run diagnostic tests, and check for BIOS and driver updates, among other features.
The DLL hijacking vulnerability, tracked as CVE-2022-38395, means that attackers can inject malicious code into HP Support Assistant by abusing the Windows library loading logic, which prioritizes those malicious libraries over DLLs in the System32 directory.
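The load-order behaviour described above can be audited from the defender's side. The following is an added example, not code from HP or from the original article: it lists DLLs sitting next to an application's executable that share a name with a System32 DLL, assuming the standard Windows search order in which the application directory is checked before System32. The function names and directory arguments are hypothetical; the application directory must be supplied by the reader.

```python
import hashlib
import os
import sys
from pathlib import Path


def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def _dlls(directory):
    # Only the directory itself: the loader does not search subfolders.
    return [p for p in Path(directory).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"]


def find_shadowing_dlls(app_dir, system_dir):
    """List DLLs in app_dir that share a name with a DLL in system_dir.

    Assumes the standard search order (application directory before
    System32). Windows file names are case-insensitive, so compare lowercased.
    """
    system = {p.name.lower(): p for p in _dlls(system_dir)}
    findings = []
    for dll in _dlls(app_dir):
        twin = system.get(dll.name.lower())
        if twin is not None:
            findings.append({
                "path": str(dll),
                "shadows": str(twin),
                # A byte-identical copy is less suspicious than a different file.
                "identical": _sha256(dll) == _sha256(twin),
            })
    return sorted(findings, key=lambda f: f["path"].lower())


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: audit.py <application directory> [system directory]")
    default_sys = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    system_dir = sys.argv[2] if len(sys.argv) > 2 else default_sys
    for f in find_shadowing_dlls(sys.argv[1], system_dir):
        note = "identical copy" if f["identical"] else "DIFFERENT CONTENT"
        print(f"{f['path']} shadows {f['shadows']} ({note})")
```

Names on the Windows KnownDLLs list are always loaded from the system directory, so a hit for one of those matters less. A hit with different content in a directory that non-administrators can write to deserves the closest look.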
In an effort to iron out the identified vulnerabilities, HP is urging its customers to update the Support Assistant app immediately. A security update for version 9.x has been released in the Microsoft Store, but users of versions 8.x will not receive a security patch. Instead, they are urged to update to the latest version of 9.x, which can be accessed via the “Check for Updates” button in the “About” section.
BleepingComputer stresses that this isn’t the first time that HP’s Support Assistant app has suffered from vulnerabilities. In fact, we reported that 10 flaws were found in October 2019, some of which went unpatched more than a year after they were first discovered.
While keeping software up to date is one way to stay on top of security patches, more software will inevitably lead to more potential vulnerabilities. With that in mind, removing unnecessary or unwanted software offers a solution that frees up disk space and processing power on your machine at the same time.
Via BleepingComputer