HP vulnerability fix for pre-installed support tool

Target Industry



Severity level: High – base score of 8.2 out of 10, exploitation could result in elevated privileges.

A vulnerability affecting the HP Support Assistant tool has been discovered by Secure D. This tool comes pre-installed on all HP laptops and desktop computers, including those of the Omen sub-brand. The vulnerability is tracked as CVE-2022-38395 and enables an attacker to hijack a Dynamic Link Library (DLL), thereby elevating their privileges within the targeted system.

However, before this vulnerability can be exploited, the attacker must already have access to the targeted system via other means.


This vulnerability allows malicious actors with pre-existing access to the target HP system to elevate their permissions. Therefore, attackers will gain far more access and increased persistence, enabling them to export significant amounts of sensitive data or to deploy malware.

Vulnerability Detection

System owners should check the current version installed. This vulnerability affects all HP laptops and desktops pre-installed with Support Assistant prior to version 9.11, and HP Fusion prior to version 1.38.2601.0.
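The version check described above can be scripted across a fleet. The following PowerShell is an added example, not HP tooling or code from this bulletin. It assumes both products register under the standard Windows Uninstall registry keys with a `DisplayName` containing the product names used here, and the function name `Test-HpVersion` is hypothetical.

```powershell
# Added example: flag installs older than the fixed versions named in this bulletin.
# Assumption: the products register under the standard Uninstall keys with a
# DisplayName containing the names below; adjust the names to match your inventory.
$FixedVersions = @{
    'HP Support Assistant' = [version]'9.11'
    'HP Fusion'            = [version]'1.38.2601.0'
}

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-HpVersion {
    param([string]$Name, [string]$DisplayVersion)
    foreach ($product in $FixedVersions.Keys) {
        if ($Name -notlike "*$product*") { continue }
        $parsed = $null
        # Compare as [version], not as text: the string '9.9' sorts after '9.11'.
        if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
            # Unparseable version strings are reported rather than silently passed.
            return [pscustomobject]@{
                Product = $Name; Version = $DisplayVersion; Status = 'Unknown (check manually)'
            }
        }
        $status = if ($parsed -lt $FixedVersions[$product]) { 'VULNERABLE' } else { 'Fixed' }
        return [pscustomobject]@{
            Product = $Name; Version = $DisplayVersion; Status = $status
        }
    }
}

# Read every installed-program entry (64-bit and 32-bit views) and test the HP ones.
Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.DisplayVersion } |
    ForEach-Object { Test-HpVersion -Name $_.DisplayName -DisplayVersion $_.DisplayVersion }
```

No output means neither product was found under those keys with the assumed names, which is not proof that the host is unaffected.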

Affected Products

HP Support Assistant prior to version 9.11. HP Fusion prior to version 1.38.2601.0.

Containment, Mitigations & Remediations

Customers are strongly advised to update to the latest version of HP Support Assistant, which includes fixes for this vulnerability. Additionally, it is advised that automatic updates are turned on in the HP Support Assistant settings to ensure a strong security posture against future HP vulnerabilities.

Indicators of Compromise

No IOCs.

Threat Landscape

A pre-installed vulnerability represents a significant threat to all affiliated users, as the scope of the threat and the potential for compromise are so great. Attackers will highly likely seize the opportunity to exploit this vulnerability before widespread patching takes place.

Threat Group

Opportunistic threat actors.

Mitre Methodologies

T1574.004 – Hijack Execution Flow: Dylib Hijacking

T1098 – Account Manipulation

Further Information

HP Advisory Support


Intelligence Terminology Yardstick