HP patches high-severity security flaw in its own support tool

News
By Connor Jones
published

The application that's installed in every HP desktop and notebook was allowing hackers to elevate privileges through a DLL hijacking vulnerability

Top-down picture of HP Spectre 13 laptop
(Image credit: IT Pro)

HP has patched a privilege escalation security flaw in an application installed on its devices at the factory, before it’s shipped.

Rated ‘high’ on the CVSSv3.1 severity scale with a score of 8.2, the bug could allow cyber attackers to assign their payloads greater powers in a system after initially gaining access, opening the victim up to more damaging attacks.

Researcher discovers simple tweak that neutralises Conti, REvil, WannaCry attacks SolarWinds hackers strike again with a new “MagicWeb” authentication exploit Actively exploited Windows vulnerability reaches peak severity when paired with popular attack

In this scenario, system-level privileges can be achieved, opening up victims to the deployment of malware or other malicious payloads.

The capabilities of the malware available to hackers could be wide-reaching and varied. Spyware, worms, and credential stealers are some of the possible tools at hackers’ disposal.

Tracked as CVE-2022-38395, the flaw appears to be found specifically in the Fusion component which is used to launch HP Performance Tune-up - a diagnostic tool found in HP Support Assistant.

It’s a dynamic link library (DLL) hijacking vulnerability that can be exploited in Fusion and the privilege escalation can take place when Fusion launches HP Performance Tune-up, HP said in its security advisory.

DLL vulnerabilities are exclusive to Windows machines and exploit the way in which Windows systems search for and load DLL files.

RELATED RESOURCE

Escape the ransomware maze

Conventional endpoint protection tools just aren’t the best defence anymore

FREE DOWNLOAD

DLL files can be seen as little parts of a Windows programme and each can be used for different things, like common functions such as looking up domain names.

Hackers can place their own DLL file in the same location as the legitimate one. The vulnerable part of a programme will then look in the usual place for the DLL it needs to perform a given action and execute the malicious code residing in the hijacked file.

This code can then run using the same privileges given to the vulnerable part of the programme, HP Performance Tune-up, which runs with system-level privileges, allowing hackers to elevate their own code’s level of access on the system.

The bug was found in HP Support Assistant which is factory-installed on new HP desktops and laptops, and can also be installed on other manufacturers’ devices to access resources for HP printers, for example.

The app provides automated fixes and other troubleshooting functions to users, as well as helping users find the information they’re looking for. It also offers automatic updates for PC and printer firmware and drivers.

Connor Jones
Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.