HP issued a security advisory alerting users about a newly discovered vulnerability in HP Support Assistant, a software tool that comes pre-installed on all HP laptops and desktop computers, including the Omen sub-brand.
HP Support Assistant is used to troubleshoot issues, perform hardware diagnostic tests, dive deeper into technical specifications, and even check for BIOS and driver updates on HP devices.
The flaw, discovered by researchers at Secure D and reported to HP, is tracked as CVE-2022-38395 and has a “high” severity score of 8.2, as it enables attackers to elevate their privileges on vulnerable systems.
While the computer maker hasn’t provided many details about the security issue, the advisory mentions that it’s a DLL hijacking flaw triggered when users attempt to launch HP Performance Tune-up from within HP Support Assistant.
DLL hijacking happens when a malicious actor places a DLL containing malicious code on the same folder as the abused executable, exploiting Windows‘ logic to prioritize those libraries against DLLs in the System32 directory.
The code that executes by loading the library assumes the privileges of the abused executable, in this case, HP Support Assistant running with ‘SYSTEM’ privileges.
Hence, CVE-2022-38395 can be exploited by attackers who have already established their presence on a system via low-privileged malware or a RAT tool.
Still, due to the large number of devices with HP Support Assistant installed and the low complexity of exploitation, it is recommended that all HP users upgrade Support Assistant as soon as possible.
HP recommends that customers using version 9.x to update to the latest version of the Support Assistant via the Microsoft Store.
Those using the older version 8.x won’t receive a security update, so they are advised to move to the newer branch. To do that, open the software, go to the “About” section, and click “check for updates.”
This is not the first time HP’s pre-installed self-help tools create security risks for users and not even the first time for Support Assistant in particular.
In April 2020, it was revealed that HP Support Assistant suffered from at least ten elevation of privilege and remote code execution vulnerabilities, some remaining unpatched since October 2012 and for a year after their disclosure to HP.
Considering the above, if you don’t need or use your computer vendor’s bloatware, deleting these tools would remove all associated risks.
Source: www.bleepingcomputer.com
