HP Support Assistant is a useful one auxiliary program provided by HP, so you can download and install necessary firmware and software, check performance, and run some basic troubleshooting, among other things.
However, the company warned that it had discovered a security hole in the app that could lead to privilege escalation using a method DLL hijacking.
HP has given the new security vulnerability a high severity rating with a CVSS v3.1 base score of 8,2.
The problem is in the Performance Tune-up diagnostic tool. In its security bulletin, HP he explains the problem:
Privilege Escalation in HP Support Assistant
HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. However, it is possible for an attacker to exploit the vulnerability with DLL hijacking and elevate privileges when Fusion launches HP Performance Tune-up.
HP also lists the vulnerable software versions to avoid:
- HP Support Assistant versions earlier than 9.11
- Fusion versions earlier than 1.38.2601.0
Thus, it is recommended that all HP PC users download and install HP Support Assistant version 9.11 from official website of the company.