New security flaw discovered in HP Support Assistant

HP Support Assistant is vulnerable to DLL hijacking

Included with HP computers, but also available as a standalone release for non-HP PCs that use the brand's peripherals such as scanners or printers, HP Support Assistant is vulnerable to DLL hijacking. HP's security advisory on this topic also includes a fix for the problem, which is considered a high-level security threat.

Codrut Nistor, Published 09/08/2022 🇫🇷 🇪🇸 ...

Earlier this week, HP published a security advisory regarding a recently discovered vulnerability of the HP Support Assistant software application. According to the advisory, this piece of code is vulnerable to DLL hijacking.

The official description of the problem says that "HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up." The affected products include HP Support Assistant versions earlier than 9.11, as well as Fusion versions up to 1.38.2601.0.

Fortunately, the solution is to get a post-9.11 version of HP Support Assistant. Right now, the latest version available is 9.7.238.0. Those who need to use HP Support Assistant can find the latest version on this page.

DLL hijacking is a very old security problem (identified for the first time in the year 2000) that has been affecting various Windows programs. This blog post covers the issue in-depth and also contains a free tool that can be used to look for potential DLL hijacking vulnerabilities in the Windows applications installed on a certain computer.

Buy the HP Pavilion x360 (Intel Core i5-1135G7) on Amazon

Source(s)

HP Customer Support

Twitter is hit by a new scandal. (Source: Twitter)

Twitter: 400 million user profiles reportedly up for sale following new data breach 12/27/2022

ÆPIC affects Intel 10th gen to 12th gen CPUs. (Image Source: Aepicleak.com)

New CPU architecture vulnerabilities: Intel 10th gen to 12th gen chips affected by AEPIC, SQUIP exploits loophole in all AMD Zen CPUs with SMT 08/16/2022

More than 1 million Lenovo laptops are affected by the UEFI BIOS vulnerabilities. (Image Source: Gettotext)

100+ Lenovo laptop models affected by UEFI BIOS vulnerabilities 04/20/2022

Spectre is back. (Image Source: PC Gamer)

New Spectre vulnerability affects Intel Alder Lake and ARM processors 03/09/2022

Intel claims to be better than its main competitor AMD when it comes to CPU-related vulnerabilities (Image: SeekingAlpha)

Intel claims that AMD processors had almost twice as many security vulnerabilities as Intel CPUs in 2021 02/03/2022

Bad actors were previously able to take advantage of a vulnerability in AppX installer that allowed them to spread malware. (Image: RoonZ.nl via Unsplash)

Microsoft patches spoofing vulnerability that was exploited to spread malware 12/16/2021

Researchers claim hackers could leverage the vulnerabilities to target

Intel refutes claim that newly-uncovered Spectre vulnerability variants need patching with performance-leeching fixes 05/04/2021

More vulnerabilities have been uncovered in Intel's silicon. (Image: Intel)

Another month, another Intel chipset malware vulnerability 06/10/2020

Microsoft issues patch for Internet Explorer vulnerability found by Google 12/20/2018

Spectre is more difficult to pull off, but it is harder to mitigate, as well. (Source: Google)

Microsoft releases emergency patches to address Meltdown and Spectre vulnerabilities affecting most current processors 01/04/2018

Outdated LG Android software revealed to have security flaws 06/05/2016

Loading Comments

Comment on this article

Apple A16 Bionic hammers the Snapdr...

Chinese gaming company NetDragon ap...

Codrut Nistor - Senior Tech Writer - 6324 articles published on Notebookcheck since 2013

In my early school days, I hated writing and having to make up stories. A decade later, I started to enjoy it. Since then, I published a few offline articles and then I moved to the online space, where I contributed to major websites that are still present online as of 2021 such as Softpedia, Brothersoft, Download3000, but I also wrote for multiple blogs that have disappeared over the years. I've been riding with the Notebookcheck crew since 2013 and I am not planning to leave it anytime soon. In love with good mechanical keyboards, vinyl and tape sound, but also smartphones, streaming services, and digital art.

contact me via: @online_digi, online.digital.craft, LinkedIn

Please share our article, every link counts!

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2022 09 > New security flaw discovered in HP Support Assistant

Codrut Nistor, 2022-09- 8 (Update: 2022-09- 8)

New security flaw discovered in HP Support Assistant

Source(s)

Related Articles