Notebookcheck Logo

New security flaw discovered in HP Support Assistant

HP Support Assistant is vulnerable to DLL hijacking
HP Support Assistant is vulnerable to DLL hijacking
Included with HP computers, but also available as a standalone release for non-HP PCs that use the brand's peripherals such as scanners or printers, HP Support Assistant is vulnerable to DLL hijacking. HP's security advisory on this topic also includes a fix for the problem, which is considered a high-level security threat.

Earlier this week, HP published a security advisory regarding a recently discovered vulnerability of the HP Support Assistant software application. According to the advisory, this piece of code is vulnerable to DLL hijacking.

The official description of the problem says that "HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up." The affected products include HP Support Assistant versions earlier than 9.11, as well as Fusion versions up to 1.38.2601.0.

Fortunately, the solution is to get a post-9.11 version of HP Support Assistant. Right now, the latest version available is 9.7.238.0. Those who need to use HP Support Assistant can find the latest version on this page.

DLL hijacking is a very old security problem (identified for the first time in the year 2000) that has been affecting various Windows programs. This blog post covers the issue in-depth and also contains a free tool that can be used to look for potential DLL hijacking vulnerabilities in the Windows applications installed on a certain computer.

Buy the HP Pavilion x360 (Intel Core i5-1135G7) on Amazon

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
Mail Logo
Codrut Nistor, 2022-09- 8 (Update: 2022-09- 8)