Beware: HP Support Assistant found vulnerable to DLL hijacking privilege escalation


HP Support Assistant is a software utility provided by HP that lets users download and install necessary firmware and software, check performance-related metrics, and run some basic troubleshooting, among other things. However, the technology giant has warned that it found a security vulnerability in the application which could lead to privilege escalation using the DLL hijacking method. HP has assigned a high severity rating to the new flaw, with a CVSS v3.1 base score of 8.2.

Specifically, the problem lies in its Performance Tune-up diagnostic tool. In its security bulletin, HP explains the issue:

Privilege escalation in HP Support Assistant

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.

HP has also listed the vulnerable software versions that are to be avoided:

  • HP Support Assistant versions earlier than 9.11

  • Fusion versions earlier than 1.38.2601.0

Hence, HP PC owners are advised to download and install HP Support Assistant version 9.11 from the company's official website.
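For administrators checking a fleet against the two version thresholds above, the following is an added example (not HP's tooling and not part of the original article). It assumes a software inventory exported as CSV with `host`, `product` and `version` columns; the column names, hosts and sample versions are constructed. It compares versions numerically, since a plain string comparison would wrongly rank 9.9 above 9.11.

```python
import csv
import io

# First fixed versions, as listed in the article (from HP's bulletin).
FIXED = {
    "HP Support Assistant": (9, 11),
    "Fusion": (1, 38, 2601, 0),
}

# Constructed sample inventory export; hosts, columns and versions are made up.
SAMPLE_INVENTORY = """\
host,product,version
ws-001,HP Support Assistant,9.9.0.0
ws-002,HP Support Assistant,9.11
ws-003,Fusion,1.38.2600.5
ws-004,Fusion,1.38.2601.0
ws-005,HP Support Assistant,9.2.1
ws-006,Fusion,
ws-007,Other Tool,1.0
"""

def parse_version(text):
    """Turn '1.38.2601.0' into (1, 38, 2601, 0); raise ValueError on junk."""
    parts = text.strip().split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(product, version_text):
    """True if the version is earlier than the fixed one for that product."""
    fixed = FIXED[product]
    found = parse_version(version_text)
    width = max(len(fixed), len(found))
    pad = lambda v: v + (0,) * (width - len(v))  # so 9.11 == 9.11.0.0
    return pad(found) < pad(fixed)

def audit(inventory_csv):
    """Return (host, product, version, status) for each tracked product row."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = row["product"].strip()
        if product not in FIXED:
            continue  # not one of the two components named in the bulletin
        try:
            status = "vulnerable" if is_vulnerable(product, row["version"]) else "ok"
        except ValueError:
            status = "unknown"  # missing or malformed version: check by hand
        results.append((row["host"], product, row["version"], status))
    return results

if __name__ == "__main__":
    for host, product, version, status in audit(SAMPLE_INVENTORY):
        print(f"{host:8} {product:22} {version or '-':14} {status}")
```

Rows reported as `unknown` have a missing or malformed version and should be checked manually rather than assumed patched.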
