HP Touchpoint Analytics LPE Vulnerability Affects Most HP PCs

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.bleepingcomputer.com/news/security/hp-touchpoint-analytics-lpe-vulnerability-affects-most-hp-pcs/
HP patched a vulnerability discovered in the HP Touchpoint Analytics software installed by default on most HP computers running Windows, a flaw allowing attackers to escalate privileges and execute arbitrary code using SYSTEM privileges.

HP TouchPoint Analytics is a software that comes pre-installed on most HP computers in the form of a Windows service running with top-level 'NT AUTHORITY\SYSTEM' permissions and designed to collect hardware performance diagnostic info anonymously.

The local privilege escalation (LPE) vulnerability tracked as CVE-2019-6333 was found in the Open Hardware Monitor library used by HP's monitoring software.
Click to expand...
 
  • Like
  • +Reputation
Reactions: [correlate], Venustus, Gandalf_The_Grey and 4 others
[correlate]

[correlate]

Level 18
Top Poster
Well-known
May 4, 2019
801
HP Touchpoint Analytics Opens PCs to Code Execution Attack
The vulnerability stems from an issue with DLL loading in Open Source Hardware, used by tens of millions of computers, researchers say.
A security flaw, discovered in an open-source software program that is a key component of HP’s TouchPoint Analytics service, is opening up a wide swath of HP computers to attack. The vulnerability, if exploited by local attackers with administrative privileges, can allow them to execute arbitrary code on victim systems.
The affected software, Open Hardware Monitor, monitors temperature sensors, fan speeds, voltages, load and clock speeds of a computer. It is utilized by tens of millions of computers and is a key third-party component of HP Touchpoint Analytics, said researchers with SafeBreach Labs, who discovered the flaw.
HP TouchPoint Analytics is a service that anonymously collects diagnostic information about hardware performance. The service is pre-installed on most HP PCs, meaning the flaw has a wide attack surface, said researchers.
Click to expand...
threatpost.com

HP Touchpoint Analytics Open to Code Execution Attack

The vulnerability stems from an issue with DLL loading in Open Source Hardware, used by tens of millions of computers, researchers say.
threatpost.com threatpost.com
 
  • Like
Reactions: Venustus, LASER_oneXM, upnorth and 1 other person
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
HP to patch critical bug in LaserJet printers within 90 days
Replies
0
Views
995
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
CyberPanther
    • Like
New Update ESET patches High-Severity Privilege Escalation Vulnerability
Replies
0
Views
1,424
ESET
CyberPanther
CyberPanther
Gandalf_The_Grey
    • Like
    • +Reputation
Security News December Android updates fix critical zero-click RCE flaw
Replies
0
Views
1,315
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top