HP patches high-severity security flaw in its own support tool
The application that's installed in every HP desktop and notebook was allowing hackers to elevate privileges through a DLL hijacking vulnerability
HP has patched a privilege escalation security flaw in an application installed on its devices at the factory, before it’s shipped.
Rated ‘high’ on the CVSSv3.1 severity scale with a score of 8.2, the bug could allow cyber attackers to assign their payloads greater powers in a system after initially gaining access, opening the victim up to more damaging attacks.
In this scenario, system-level privileges can be achieved, opening up victims to the deployment of malware or other malicious payloads.
Tracked as CVE-2022-38395, the flaw appears to be found specifically in the Fusion component which is used to launch HP Performance Tune-up - a diagnostic tool found in HP Support Assistant.
It’s a dynamic link library (DLL) hijacking vulnerability that can be exploited in Fusion and the privilege escalation can take place when Fusion launches HP Performance Tune-up, HP said in its security advisory.
DLL vulnerabilities are exclusive to Windows machines and exploit the way in which Windows systems search for and load DLL files.
Escape the ransomware maze
Conventional endpoint protection tools just aren’t the best defence anymoreFree Download
DLL files can be seen as little parts of a Windows programme and each can be used for different things, like common functions such as looking up domain names.
Hackers can place their own DLL file in the same location as the legitimate one. The vulnerable part of a programme will then look in the usual place for the DLL it needs to perform a given action and execute the malicious code residing in the hijacked file.
This code can then run using the same privileges given to the vulnerable part of the programme, HP Performance Tune-up, which runs with system-level privileges, allowing hackers to elevate their own code’s level of access on the system.
The bug was found in HP Support Assistant which is factory-installed on new HP desktops and laptops, and can also be installed on other manufacturers’ devices to access resources for HP printers, for example.
The app provides automated fixes and other troubleshooting functions to users, as well as helping users find the information they’re looking for. It also offers automatic updates for PC and printer firmware and drivers.
2022 State of the multi-cloud report
What are the biggest multi-cloud motivations for decision-makers, and what are the leading challengesFree Download
The Total Economic Impact™ of IBM robotic process automation
Cost savings and business benefits enabled by robotic process automationFree Download
Multi-cloud data integration for data leaders
A holistic data-fabric approach to multi-cloud integrationFree Download
MLOps and trustworthy AI for data leaders
A data fabric approach to MLOps and trustworthy AIFree Download