IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

HP patches high-severity security flaw in its own support tool

The application that's installed in every HP desktop and notebook was allowing hackers to elevate privileges through a DLL hijacking vulnerability

HP has patched a privilege escalation security flaw in an application installed on its devices at the factory, before it’s shipped.

Rated ‘high’ on the CVSSv3.1 severity scale with a score of 8.2, the bug could allow cyber attackers to assign their payloads greater powers in a system after initially gaining access, opening the victim up to more damaging attacks.

In this scenario, system-level privileges can be achieved, opening up victims to the deployment of malware or other malicious payloads.

The capabilities of the malware available to hackers could be wide-reaching and varied. Spyware, worms, and credential stealers are some of the possible tools at hackers’ disposal.

Tracked as CVE-2022-38395, the flaw appears to be found specifically in the Fusion component which is used to launch HP Performance Tune-up - a diagnostic tool found in HP Support Assistant.

It’s a dynamic link library (DLL) hijacking vulnerability that can be exploited in Fusion and the privilege escalation can take place when Fusion launches HP Performance Tune-up, HP said in its security advisory.

DLL vulnerabilities are exclusive to Windows machines and exploit the way in which Windows systems search for and load DLL files.

Related Resource

Escape the ransomware maze

Conventional endpoint protection tools just aren’t the best defence anymore

Whitepaper cover with overhead image of a man sat at a deska with a computer in the centre of a maze in the shadowsFree Download

DLL files can be seen as little parts of a Windows programme and each can be used for different things, like common functions such as looking up domain names.

Hackers can place their own DLL file in the same location as the legitimate one. The vulnerable part of a programme will then look in the usual place for the DLL it needs to perform a given action and execute the malicious code residing in the hijacked file. 

This code can then run using the same privileges given to the vulnerable part of the programme, HP Performance Tune-up, which runs with system-level privileges, allowing hackers to elevate their own code’s level of access on the system.

The bug was found in HP Support Assistant which is factory-installed on new HP desktops and laptops, and can also be installed on other manufacturers’ devices to access resources for HP printers, for example.

The app provides automated fixes and other troubleshooting functions to users, as well as helping users find the information they’re looking for. It also offers automatic updates for PC and printer firmware and drivers.

Featured Resources

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

The Total Economic Impact™ of IBM robotic process automation

Cost savings and business benefits enabled by robotic process automation

Free Download

Multi-cloud data integration for data leaders

A holistic data-fabric approach to multi-cloud integration

Free Download

MLOps and trustworthy AI for data leaders

A data fabric approach to MLOps and trustworthy AI

Free Download

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
Salesforce co-CEO Bret Taylor resigns with cryptic parting message
Business operations

Salesforce co-CEO Bret Taylor resigns with cryptic parting message

1 Dec 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022