New security flaw discovered in HP Support Assistant
Earlier this week, HP published a security advisory regarding a recently discovered vulnerability of the HP Support Assistant software application. According to the advisory, this piece of code is vulnerable to DLL hijacking.
The official description of the problem says that "HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up." The affected products include HP Support Assistant versions earlier than 9.11, as well as Fusion versions up to 1.38.2601.0.
Fortunately, the solution is to get a post-9.11 version of HP Support Assistant. Right now, the latest version available is 9.7.238.0. Those who need to use HP Support Assistant can find the latest version on this page.
DLL hijacking is a very old security problem (identified for the first time in the year 2000) that has been affecting various Windows programs. This blog post covers the issue in-depth and also contains a free tool that can be used to look for potential DLL hijacking vulnerabilities in the Windows applications installed on a certain computer.
Are you a techie who knows how to write? Then join our Team! Wanted:
- News translator (DE-EN)
- Review translation proofreader (DE-EN)
Details here