HP’s most annoying bloatware has a serious security flaw
HP Support Assistant has another vulnerability
HP has issued a warning of a vulnerability in its much-unloved Support Assistant tool.
The flaw in the service, which comes pre-installed on all HP laptops and desktops, was discovered by Secure D researchers, who noted it to be especially worrying with a “high” severity score of 8.2.
The experts say that cyber-attackers could make use of an infected HP Support Assistant tool to elevate their privileges on vulnerable systems, gaining access without permission.
HP Support Assistant vulnerability
An advisory notice issued by HP says that the DLL hijacking flaw is triggered when users launch HP Performance Tune-up from within HP Support Assistant - an app that is designed to help computer users troubleshoot problems and perform diagnostic tests, and to check for BIOS and driver updates, among other features.
The DLL hijacking vulnerability, tracked as CVE-2022-38395, involves threat actors getting HP Support Assistant to load a malicious library by exploiting Windows’ DLL loading logic, which prioritizes those libraries over DLLs in the System32 directory.
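As a defensive check for the load-order behaviour described above, the following added example (not code from HP or from this article) lists DLLs in an application folder whose file names shadow libraries in System32 and reports their signature status. The `$AppDir` parameter is an assumption supplied by the operator, since the article gives no install path.

```powershell
# Added example: audit a folder for DLLs that shadow System32 library names.
# $AppDir is supplied by the operator; no install path is assumed here.
param(
    [Parameter(Mandatory = $true)]
    [string]$AppDir
)

$system32 = Join-Path $env:SystemRoot 'System32'

# Case-insensitive set of DLL file names that ship in System32.
$systemNames = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
Get-ChildItem -LiteralPath $system32 -Filter '*.dll' -File -ErrorAction SilentlyContinue |
    ForEach-Object { [void]$systemNames.Add($_.Name) }

# Report every DLL under $AppDir whose name collides with a System32 DLL.
Get-ChildItem -LiteralPath $AppDir -Filter '*.dll' -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $systemNames.Contains($_.Name) } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path      = $_.FullName
            Signature = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            Signer    = $sig.SignerCertificate.Subject
            Modified  = $_.LastWriteTime
        }
    } |
    Sort-Object Signature, Path |
    Format-Table -AutoSize -Wrap
```

A name collision is a lead for review rather than proof of tampering, because vendors sometimes ship their own signed copies of common libraries; unsigned or recently modified entries deserve the first look.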
In an effort to iron out the vulnerabilities that have been spotted, HP is urging its customers to update the Support Assistant app immediately. A security update for version 9.x has been launched on the Microsoft Store; however, users on versions 8.x will not get a security patch. Instead, they too are being urged to update to the latest version of 9.x, which can be accessed through the ‘Check for updates’ button in the ‘About’ section.
BleepingComputer highlights that this isn’t the first time that HP’s Support Assistant app has suffered from vulnerabilities. In fact, we reported that ten flaws were found in October 2019, some of which were unpatched for more than a year after they were initially discovered.
While keeping software up-to-date is one way of staying on top of security patches, more software will inevitably lead to more potential vulnerabilities. With that in mind, removing unnecessary or unwanted software provides a solution that, at the same time, frees up disk space and processing power on your machine.
Via BleepingComputer
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!