Users of HP machines should take action, because HP Support Assistant comes preinstalled by default on their Windows machines. HP Support Assistant invokes the HP Performance Tune-up tool via Fusion. This process has a DLL hijacking vulnerability that can be abused for privilege elevation. A security update is available.
What is HP Support Assistant?
To keep HP computers functional, the manufacturer has been pre-installing HP Support Assistant software by default on its systems running Windows since October 2012. The idea: HP Support Assistant is supposed to search for software updates (drivers, etc.) and keep them up to date.
(HP Support Assistant, Source: HP)
The idea is not bad, the software comes with a user interface that can be used to manage the updates. The user can control the updates and feel safe. However, such an approach makes me uneasy, since these 'assistants' have repeatedly attracted attention due to vulnerabilities. Asus device owners have already gotten malware on their systems.
Vulnerability in HP Support Assistant
HP released the support article HPSBHF03809 Rev. 1 on September 6, 2022, which warns about a vulnerability in HP Support Assistant. HP Support Assistant uses HP Performance Tune-up as a diagnostic tool.
To run HP Performance Tune-up, HP Support Assistant uses the Fusion module. Security researchers have determined that an attacker can exploit a DLL hijacking vulnerability found in this process and elevate privileges when Fusion launches the HP Performance Tune-up tool. Affected:
- HP Support Assistant versions prior to 9.11
- Fusion versions prior to 1.38.2601.0
The vulnerability is rated with a CVE Base Score of 8.2. HP recommends installing the latest version of HP Support Assistant, as it contains the fixes for the issues listed above. In addition, the new version enables automatic updates in the HP Support Assistant settings.
If the system has HP Support Assistant version 8x installed, HP recommends updating to HP Support Assistant version 9 (users should go to the About section and check for updates). If HP Support Assistant version 9 is installed, HP recommends enabling Microsoft Store updates to keep the application up to date.
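For checking a fleet against the two version thresholds above, the following added example (not code from HP or from the original post) triages a software-inventory export. The CSV column names, the product strings it matches, and the sample hosts and versions are assumptions constructed for illustration. Versions are compared numerically per component, because a plain string comparison would rank 9.9 above 9.11.

```python
import csv
import io

# First fixed versions, taken from the advisory text above.
FIXED = {
    "hp support assistant": (9, 11),
    "fusion": (1, 38, 2601, 0),
}

def parse_version(text):
    """Turn '9.9.34.0' into (9, 9, 34, 0); return None if not purely numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_vulnerable(installed, fixed):
    """Compare numerically, zero-padding so that 9.11 equals 9.11.0.0."""
    width = max(len(installed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) < pad(fixed)

def triage(inventory_csv):
    """Return (host, product, version, status) for rows naming an affected product."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = row["product"].strip()
        fixed = FIXED.get(product.lower())
        if fixed is None:
            continue  # not a product named in the advisory
        version = parse_version(row["version"])
        if version is None:
            status = "unknown"  # unparseable version string: check by hand
        else:
            status = "vulnerable" if is_vulnerable(version, fixed) else "fixed"
        findings.append((row["host"], product, row["version"].strip(), status))
    return findings

# Constructed sample inventory (hosts and version numbers are made up).
SAMPLE = """host,product,version
pc-01,HP Support Assistant,8.8.34.31
pc-02,HP Support Assistant,9.9.34.0
pc-03,HP Support Assistant,9.11.0.0
pc-04,Fusion,1.38.2601.0
pc-05,Fusion,1.38.1894.0
pc-06,HP Support Assistant,9.x
pc-07,Some Other Tool,1.0
"""
```

Calling `triage(SAMPLE)` flags pc-01, pc-02 and pc-05 as vulnerable, and reports pc-06 as unknown rather than guessing.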
Vulnerabilities have been found in HP Support Assistant time and again in the past. Therefore, the advice from security researchers is to completely uninstall HP Support Assistant.
Serious vulnerability in Dell's PC Doctor Assistant
Critical Vulnerability in Dell SupportAssist (Feb. 2020)
ShadowHammer: ASUS Live Update infected with backdoor
Windows 10: Update installs mysterious HP Inc. driver
HP Touchpoint Analytics vulnerability put PCs at risk
Warning: HP Support Assistant with vulnerabilities