HP Support Assistant is a useful utility provided by HP so that you can download and install necessary firmware and software, check performance, and run some basic troubleshooting solutions, among others.
However, the company warned that it had discovered a security hole in the app that could lead to privilege escalation using a method DLL hijacking.
HP has given the new security vulnerability a high severity rating with a CVSS v3.1 base score of 8,2.
The problem είναι στο διαγνωστικό tool Performance Tune-up. In its security bulletin, HP he explains the problem:
Privilege Escalation in HP Support Assistant
HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion tomovement of HP Performance Tune-up. However, it is possible for an attacker to exploit the vulnerability with DLL hijacking and elevate privileges when Fusion launches HP Performance Tune-up.
HP also lists the vulnerable software versions to avoid:
- HP Support Assistant versions earlier than 9.11
- Fusion versions earlier than 1.38.2601.0
So, it is recommended that everyone using HP computers should download and install it version 9.11 of HP Support Assistant by official website of the company.