Numerous HP Support Assistant Vulnerabilities Discovered, Though Not All Have Been Fixed!


Numerous bugs have been found in HP Support Assistant that pose a threat to Windows PCs. Since the software comes preinstalled on most recent HP systems, the bugs threaten a huge number of devices globally.

HP Support Assistant Bugs

Security researcher Bill Demirkapi has found multiple security vulnerabilities in the HP Support Assistant tool. These HP Support Assistant bugs threaten most Windows PCs from HP since 2012, as the tool comes preinstalled on these devices. This applies to Windows 7, Windows 8, and Windows 10 systems alike.

Briefly, the researcher discovered 10 different vulnerabilities in the utility. These include 5 local privilege escalation flaws, 2 arbitrary file deletion vulnerabilities, and 3 remote code execution vulnerabilities.

Upon finding the vulnerabilities, the researcher reached out to HP, after which the vendor assured him that it would work on fixes. Nonetheless, HP failed to address all the bugs, especially the local privilege escalation bugs.

Specifically, out of the 10, HP released fixes for the three remote code execution and two arbitrary file deletion bugs. However, of the 5 local privilege escalation flaws, it patched only 1 and issued a partial fix for another, while three remain unpatched even in the latest version. This means these three bugs (at least) still threaten thousands of Windows machines.

More details regarding these vulnerabilities are available in the researcher’s detailed write-up.

Possible Mitigations

For now, HP has yet to fix the unpatched vulnerabilities, whereas the latest version of HP Support Assistant bears the fixes for the remaining seven bugs. Since the tool does not update automatically unless users explicitly opt in, HP users must make sure they update their devices immediately (if they haven’t yet) to (at least) avoid exploitation of a majority of the bugs. The latest version at present is Version 9.6.587.0 / 8.8.24.33.

Nonetheless, for thorough mitigation of all vulnerabilities, the researcher recommends getting rid of the tool altogether. Users can do so by uninstalling the “HP Support Assistant” and “HP Support Solutions Framework” from their Windows devices.
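To check a machine against the two mitigations above, the following PowerShell inventory is an added example, not code from the researcher or HP. It assumes the two packages appear in the registry under exactly the display names quoted above, and that "9.6.587.0 / 8.8.24.33" are the fixed builds of the 9.x and 8.x branches respectively.

```powershell
# Added example, not from the article or HP. Run in Windows PowerShell.
# Assumption: "9.6.587.0 / 8.8.24.33" are the fixed builds of the 9.x and 8.x branches.
$fixedByMajor = @{ 9 = [version]'9.6.587.0'; 8 = [version]'8.8.24.33' }
$assistant    = 'HP Support Assistant'
$framework    = 'HP Support Solutions Framework'

# Machine-wide uninstall entries, 64-bit and 32-bit registry views.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-HpsaStatus {
    param([string]$Name, [string]$VersionText)

    # The article gives no fixed build for the framework, so only presence is reported.
    if ($Name -ne $assistant) { return 'Installed' }

    $parsed = $null
    if (-not [version]::TryParse($VersionText, [ref]$parsed)) { return 'VersionUnreadable' }
    if (-not $fixedByMajor.ContainsKey($parsed.Major))        { return 'BranchNotCovered' }

    if ($parsed -lt $fixedByMajor[$parsed.Major]) { return 'BelowFixedBuild' }
    return 'AtOrAboveFixedBuild'   # the unpatched privilege escalation bugs still apply
}

# Emit one row per matching package; no output means neither package is registered.
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -in $assistant, $framework } |
    ForEach-Object {
        [pscustomobject]@{
            Name    = $_.DisplayName
            Version = $_.DisplayVersion
            Status  = Get-HpsaStatus -Name $_.DisplayName -VersionText $_.DisplayVersion
        }
    }
```

A `BelowFixedBuild` row means the machine lacks the seven fixes; any row at all means the tool is still installed and the researcher's removal recommendation has not been applied.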


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
