  • Beware: HP Support Assistant found vulnerable to DLL hijacking privilege escalation


    Karlston

    • 587 views
    • 2 minutes

    HP Support Assistant is a useful software utility provided by HP that lets users download and install necessary firmware and software, check performance-related metrics, and run some basic troubleshooting, among other things. However, the technology giant has warned that it found a security vulnerability in the application that could lead to privilege escalation through DLL hijacking. HP has assigned the flaw a high severity rating, with a CVSS v3.1 base score of 8.2.

     

    Specifically, the problem lies in its Performance Tune-up diagnostic tool. In its security bulletin, HP explains the issue:

     

    Privilege escalation in HP Support Assistant

     

    HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.

     

    HP has also listed the vulnerable software versions that are to be avoided:

     

    • HP Support Assistant versions earlier than 9.11

       

    • Fusion versions earlier than 1.38.2601.0

       

    HP PC owners are therefore advised to download and install HP Support Assistant version 9.11 from the company's official website.
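For anyone checking more than one machine, the two version thresholds above can be applied to a software inventory export. The following is an added example, not code from HP or from this article; the CSV column names, host names and the product names as they would appear in an inventory are assumptions. It compares versions component by component, because comparing them as decimals or strings would wrongly treat 9.9 as newer than 9.11.

```python
import csv
import io

# Fixed versions from the HP bulletin quoted above; anything earlier is affected.
FIXED = {
    "HP Support Assistant": (9, 11),
    "Fusion": (1, 38, 2601, 0),
}

def parse_version(text):
    """Turn '9.9.12.0' into (9, 9, 12, 0); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def is_vulnerable(product, version_text):
    """True if earlier than the fixed version, False if not, None if undecidable."""
    fixed = FIXED.get(product)
    if fixed is None:
        return None
    try:
        found = parse_version(version_text)
    except ValueError:
        return None  # unparseable version string: needs manual review
    # Pad with zeros so that 9.11 and 9.11.0.0 compare as equal.
    width = max(len(found), len(fixed))
    return found + (0,) * (width - len(found)) < fixed + (0,) * (width - len(fixed))

def triage(inventory_csv):
    """Return (host, product, version, status) for every row naming a tracked product."""
    labels = {True: "VULNERABLE", False: "ok", None: "review"}
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        if rec["product"] not in FIXED:
            continue
        status = labels[is_vulnerable(rec["product"], rec["version"])]
        rows.append((rec["host"], rec["product"], rec["version"], status))
    return rows

# Constructed sample inventory (hypothetical hosts, columns and version strings).
SAMPLE = """host,product,version
pc-01,HP Support Assistant,9.9.12.0
pc-02,HP Support Assistant,9.11
pc-03,Fusion,1.38.2590.0
pc-04,Fusion,1.38.2601.0
pc-05,HP Support Assistant,unknown
pc-06,Other Tool,1.0
"""

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

Rows marked `review` carry a version string the script could not parse and should be checked by hand rather than assumed safe.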

     

     
