Fixed vulnerability in pre-installed HP Support Assistant tool

HP Support Assistant is installed by default on HP computers. A vulnerability is now endangering systems.

The HP Support Assistant tool, which is preinstalled on HP computers and on systems from the Omen sub-brand, is intended to help solve PC problems under Windows. Because of a vulnerability, the tool has now become a problem itself and endangers the security of those systems.

Attackers could exploit the vulnerability (CVE-2022-38395, rated "high") to gain higher user rights, the vendor writes in an advisory. Essentially, this is a DLL hijacking attack. An attacker must already have access to the PC in order to place a crafted DLL on the system. The library is then loaded when a victim launches HP Performance Tune-up from HP Support Assistant.

The computer manufacturer advises users to update quickly. Automatic updates can be activated in the HP Support Manager settings. The advisory does not indicate whether this function is active by default. The fixed versions are HP Support Assistant 9.11 and Fusion 1.38.2601.0.

