Skip to Content

HP Support Assistant Vulnerability Fixed for 9.x

HP has made available an updated version of its Support Assistant tool to address a high severity flaw that could be exploited to gain elevated privileges on vulnerable systems. Support Assistant comes pre-installed on HP laptop and desktop computers, as well as on Omen devices. The flaw is a DLL hijacking issue that occurs when Support Assistant launches Performance Tune-up. HP recommends that users upgrade to the latest version of Support Assistant version 9.x; HP will not be making a fix available for version 8.x.

Note

  • Make sure that you are keeping any OEM provided software updated if your imaging processes don’t remove it. Also scan for re-introduction. The HP Support Assistant CVE-2022-38395 has a CVSS 3.0 score of 8.2, in part as the tool is already running with system privileges. The attack, while simple to exploit, requires a foothold on a system prior to exploitation, which provides some cushion; don’t sit on forcing the update.

Read more in

Tags

Tags

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.