HP vulnerability fix for pre-installed support tool
Target Industry
Indiscriminate.
Overview
Severity level: High – base score of 8.2 out of 10. Exploitation could result in elevated privileges.
A vulnerability has been discovered by Secure D affecting the HP Support Assistant tool. This tool comes pre-installed on all HP laptops, desktop computers and even their sub-brand, Omen. The vulnerability is being tracked as CVE-2022-38395 and enables an attacker to exploit the Dynamic Link Library (DLL), thereby elevating their privileges within the targeted system.
However, before this vulnerability can be exploited, the attacker must already have access to the targeted system via other means.
Impact
This vulnerability allows malicious actors with pre-existing access to the target HP system to elevate their permissions. Attackers will therefore gain far more access and increased persistence, enabling them to export significant amounts of sensitive data or to deploy malware.
Vulnerability Detection
System owners should check the current version installed. This vulnerability affects all HP laptops and desktops pre-installed with Support Assistant prior to version 9.11, and HP Fusion prior to version 1.38.2601.0.
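The version check described above can be scripted for a fleet. The following PowerShell is an added example, not code from HP or from this advisory's author. It assumes both products register under the standard Windows Uninstall registry keys with DisplayName values beginning "HP Support Assistant" and "HP Fusion"; adjust the name patterns if your installs are listed differently.

```powershell
# Added example: flags installs older than the fixed versions named in this advisory.
# Assumption: products appear in the standard Uninstall registry keys and their
# DisplayName starts with the keys of $fixed below (not confirmed by the advisory).
$fixed = @{
    'HP Support Assistant' = [version]'9.11'
    'HP Fusion'            = [version]'1.38.2601.0'
}
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-HpVersion {
    param([string]$Name, [string]$DisplayVersion, [version]$FixedVersion)
    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        # Missing or malformed version string: report it rather than guess.
        $status = 'Unknown (unparseable version)'
    } elseif ($parsed -lt $FixedVersion) {
        $status = 'VULNERABLE'
    } else {
        $status = 'Patched'
    }
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Product   = $Name
        Installed = $DisplayVersion
        FixedIn   = $FixedVersion
        Status    = $status
    }
}

$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue
$results = foreach ($entry in $entries) {
    foreach ($product in $fixed.Keys) {
        if ($entry.DisplayName -like "$product*") {
            Test-HpVersion -Name $entry.DisplayName `
                -DisplayVersion $entry.DisplayVersion -FixedVersion $fixed[$product]
        }
    }
}

if (-not $results) { Write-Output 'No matching HP products found in the Uninstall keys.' }
$results | Sort-Object Product | Format-Table -AutoSize
```

A machine with no matching entries is not proof the software is absent if it was installed through another packaging mechanism, so confirm the version in the application itself on a sample of hosts.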
Affected Products
HP Support Assistant prior to version 9.11. HP Fusion prior to version 1.38.2601.0.
Containment, Mitigations & Remediations
Customers are strongly advised to update to the latest version of HP Support Assistant, which includes fixes for this vulnerability. Additionally, it is advised that automatic updates are turned on in the HP Support Assistant settings to ensure a strong security posture against future HP vulnerabilities.
Indicators of Compromise
No IOCs.
Threat Landscape
A pre-installed vulnerability represents a significant threat to all affiliated users, as the scope of the threat and the potential for compromise are so great. Attackers are highly likely to seize the opportunity to exploit this vulnerability before widespread patching takes place.
Threat Group
Opportunistic threat actors.
Mitre Methodologies
T1574.004 – Hijack Execution Flow: Dylib Hijacking
T1098 – Account Manipulation
Further Information