Το HP Support Assistant είναι ένα χρήσιμο βοηθητικό πρόγραμμα που παρέχεται από την HP, για να μπορείτε να κατεβάζετε και να εγκαταστήσετε τα απαραίτητα firmware και software, να ελέγχετε την απόδοση, αλλά και να τρέχετε ορισμένες βασικές λύσεις αντιμετώπισης προβλημάτων, μεταξύ άλλων.
However, the company warned that it had discovered a security hole in the app that could lead to privilege escalation using a method DLL hijacking.
HP has given the new security vulnerability a high severity rating with a CVSS v3.1 base score of 8,2.
The problem is in the Performance Tune-up diagnostic tool. In its security bulletin, HP he explains the problem:
Privilege Escalation in HP Support Assistant
HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. However, it is possible for an attacker to exploit the vulnerability with DLL hijacking and elevate privileges when Fusion launches HP Performance Tune-up.
HP also lists the vulnerable software versions to avoid:
- HP Support Assistant versions earlier than 9.11
- Fusion versions earlier than 1.38.2601.0
Thus, it is recommended that all HP PC users download and install HP Support Assistant version 9.11 from official website of the company.
