HP vulnerability fix for pre-installed support tool
Severity level: High – base score of 8.2 out of 10, exploitation could result in elevated privileges.
A vulnerability has been discovered by Secure D affecting the HP Support Assistant tool. This tool comes pre-installed on all HP laptops and desktop computers, including those of HP's sub-brand, Omen. The vulnerability is being tracked as CVE-2022-38395 and enables an attacker to exploit a Dynamic Link Library (DLL) and thereby elevate their privileges within the targeted system.
However, before this vulnerability can be exploited, the attacker must already have access to the targeted system via other means.
This vulnerability allows malicious actors with pre-existing access to the target HP system to elevate their permissions. Attackers will therefore gain far more access and increased persistence, enabling them to export significant amounts of sensitive data or to deploy malware.
System owners should check the current version installed. This vulnerability affects all HP laptops and desktops pre-installed with Support Assistant prior to version 9.11, and HP Fusion prior to version 1.38.2601.0.
HP Support Assistant prior to version 9.11. HP Fusion prior to version 1.38.2601.0.
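One way to run the version check described above on a Windows endpoint. This is an added example, not code from HP or from this advisory. It assumes both products register a `DisplayName` and `DisplayVersion` under the standard Uninstall registry keys; the name patterns and the `Test-HpVersion` helper are illustrative.

```powershell
# Added example: flag HP Support Assistant / HP Fusion builds below the fixed versions.
# Assumption: both products register DisplayName and DisplayVersion under the
# standard Uninstall registry keys; the name patterns below are illustrative.
$fixed = @{
    'HP Support Assistant' = [version]'9.11'
    'HP Fusion'            = [version]'1.38.2601.0'
}

function Test-HpVersion {
    param([string]$Name, [string]$DisplayVersion)
    foreach ($product in $fixed.Keys) {
        if ($Name -notlike "*$product*") { continue }
        $parsed = $null
        # Compare as [version], not as strings: "9.9" sorts after "9.11" as text.
        if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
            return [pscustomobject]@{
                Product = $Name; Version = $DisplayVersion
                Status  = 'UNKNOWN (unparsable version)'
            }
        }
        $status = if ($parsed -lt $fixed[$product]) { 'VULNERABLE' } else { 'OK' }
        return [pscustomobject]@{
            Product = $Name; Version = $DisplayVersion; Status = $status
        }
    }
}

# Both the 64-bit and 32-bit views of the Uninstall key are inspected.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$findings = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object { Test-HpVersion -Name $_.DisplayName -DisplayVersion $_.DisplayVersion }

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No HP Support Assistant or HP Fusion entry found in the Uninstall keys.' }
```

An `UNKNOWN` status means the recorded version string could not be parsed and the installed version should be confirmed manually.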
Containment, Mitigations & Remediations
Customers are strongly advised to update to the latest version of HP Support Assistant that includes fixes to this vulnerability. Additionally, it is advised that automatic updates in the HP Support Assistant settings are turned on to ensure a strong security posture against future HP vulnerabilities.
Indicators of Compromise
A pre-installed vulnerability represents a significant threat to all affected users, as the scope of the threat and the potential for compromise are so great. Attackers are highly likely to seize the opportunity to exploit this vulnerability before widespread patching takes place.
Opportunistic threat actors.
T1574.004 – Hijack Execution Flow: Dylib Hijacking
T1098 – Account Manipulation