{"id":13985,"date":"2020-04-08T00:16:00","date_gmt":"2020-04-07T22:16:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=13985"},"modified":"2022-09-09T15:08:26","modified_gmt":"2022-09-09T13:08:26","slug":"warning-hp-support-assistant-with-security-vulnerabilities","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/04\/08\/warning-hp-support-assistant-with-security-vulnerabilities\/","title":{"rendered":"Warning: HP Support Assistant with vulnerabilities"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" height=\"47\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/04\/07\/achtung-hp-support-assistant-mit-sicherheitslcken\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]Users of HP computers should respond. The HP Support Assistant installed on many machines running Windows has security vulnerabilities that are not closed by auto-update. Whether the HP patch released at the beginning of April 2020 closes all vulnerabilities is currently unkown.<\/p>\n<p><!--more--><\/p>\n<h2>What is the HP Support Assistant?<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg08.met.vgwort.de\/na\/79fbf5be679a422ba8cda28a0eb3b8d4\" alt=\"\" width=\"1\" height=\"1\" \/>In order to keep HP computers functional, the manufacturer has been installing the HP Support Assistant software by default since October 2012 on its systems with Windows 7, Windows 8.1 and Windows 10. The idea is that HP Support Assistant should search for software updates (drivers etc.) and keep them up to date.<\/p>\n<p><img decoding=\"async\" title=\"HP Support Assistent\" src=\"https:\/\/i.imgur.com\/LDn2HGR.jpg\" alt=\"HP Support Assistent\" \/><br \/>\n(HP Support Assistant, Source: HP)<\/p>\n<p>The idea is not a bad one, the software comes with a user interface that I use to manage the updates. So the user can control the updates and feels safe. For me, however, such an approach causes anxiety, as these 'assistants' have been conspicuous for years as a kind of 'snake oil'. It's all very well, but it doesn't work, and there are security holes that put device owners at risk. Asus device owners have sometimes brought malware onto their systems (see links at the end of the article).<\/p>\n<h2>Vulnerability in HP Support Assistant<\/h2>\n<p>Security researcher Bill Demirkapi has noticed last year that HP Support Assistant has security vulnerabilities. He made this fact public last week in the following tweet.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Several Critical Vulnerabilities on most HP machines running Windows, <a href=\"https:\/\/t.co\/0hrP6YXT74\">https:\/\/t.co\/0hrP6YXT74<\/a><\/p>\n<p>\u2014 Bill Demirkapi (@BillDemirkapi) <a href=\"https:\/\/twitter.com\/BillDemirkapi\/status\/1246066095649415171?ref_src=twsrc%5Etfw\">April 3, 2020<\/a><\/p><\/blockquote>\n<p><span id=\"preserve6b8ddb1702bb421b8708ecea507156dd\" class=\"wlWriterPreserve\"><script src=\"https:\/\/platform.twitter.com\/widgets.js\" async=\"\" charset=\"utf-8\"><\/script><\/span><\/p>\n<p>I'll bring it up in this blog post, as there are many users of HP devices with Windows where the software is still installed.<\/p>\n<h2>The vulnerabilities<\/h2>\n<p>HP Support Assistant brings a whole host of vulnerabilities to the Windows system, from file deletion capabilities to privilege escalation vulnerabilities and remote code execution vulnerabilities. Bill Demirkapi describes the details of these very serious vulnerabilities in great detail in <a href=\"https:\/\/d4stiny.github.io\/Several-Critical-Vulnerabilities-on-most-HP-machines-running-Windows\/\" target=\"_blank\" rel=\"noopener noreferrer\">his blog post here<\/a>.<\/p>\n<h3>HP can't fix it right<\/h3>\n<p>Demirkapi has, according to his own statements, informed HP in May 2019 about the vulnerabilities. It then took the manufacturer until December 2019 to provide a first security update to close the vulnerabilities. In March 2020, another update of the software was then submitted.<\/p>\n<p>When Demirkapi took a closer look at the new versions, it became apparent that not all vulnerabilities were closed. One update even made things worse by introducing an additional vulnerability.<\/p>\n<h3>Uninstalling the HP Support Assistant recommended<\/h3>\n<p>According to Demirkapi (as of April 3, 2020, when the post was posted on GitHub), four vulnerabilities in HP Support Assistant are still unfixed. HP published this <a href=\"https:\/\/support.hp.com\/us-en\/document\/c06609927\" target=\"_blank\" rel=\"noopener noreferrer\">Security Bulletin for HP Support Assistant<\/a> on April 2, 2020. It states that a new update should fix potential vulnerabilities in the areas of privilege escalation and arbitrary file deletion. The vulnerabilities have been reported by Bill Demirkapi, Hou JingYi (@hjy79425575) of Qihoo 360 CERT, Nichlas Holm J\u00f8rgensen of the Danish Cyber Defence.<\/p>\n<p>Whether HP has fixed all the vulnerabilities reported by Bill Demirkapi with this update is currently not clear. Another problem: HP claims that the software updates itself automatically. According to Demirkapi, the automatic update function in the HP Support Assistant is deactivated by default and must be explicitly enabled by the user.<\/p>\n<p>Given this situation, Demirkapi recommends uninstalling the HP Support Assistant for security reasons. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/windows-pcs-exposed-to-attacks-by-critical-hp-support-assistant-bugs\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bleeping Computer<\/a> has published also an article about that topic.<\/p>\n<p><strong>Similar articles:<br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/win\/2019\/06\/26\/serious-vulnerability-in-dells-pc-doctor-assistant\/\">Serious vulnerability in Dell's PC Doctor Assistant<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2020\/02\/10\/critical-vulnerability-in-dell-supportassist-feb-2020\/\">Critical Vulnerability in Dell SupportAssist (Feb. 2020)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2019\/03\/26\/shadowhammer-asus-live-update-infected-with-backdoor\/\">ShadowHammer: ASUS Live Update infected with backdoor<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2019\/03\/28\/backdoor-asus-has-been-warned-about-risks-since-months\/\">Backdoor: ASUS has been warned about risks since months<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2019\/10\/15\/vulnerability-in-windows-10-update-assistant\/\">Vulnerability in Windows 10 Update Assistant<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2017\/11\/27\/hp-installs-secretly-hp-touchpoint-analytics-client-telemetry-client\/\">HP installs secretly HP Touchpoint Analytics Client telemetry client<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Users of HP computers should respond. The HP Support Assistant installed on many machines running Windows has security vulnerabilities that are not closed by auto-update. Whether the HP patch released at the beginning of April 2020 closes all vulnerabilities is &hellip; <a href=\"https:\/\/borncity.com\/win\/2020\/04\/08\/warning-hp-support-assistant-with-security-vulnerabilities\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,2],"tags":[69,1544,194],"class_list":["post-13985","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-windows","tag-security","tag-software","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/13985","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=13985"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/13985\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=13985"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=13985"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=13985"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}