Windows PCs Exposed to Attacks by Critical HP Support Assistant Bugs

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Several critical HP Support Assistant vulnerabilities expose Windows computers to remote code execution attacks and could allow attackers to elevate their privileges or to delete arbitrary files following successful exploitation.

HP Support Assistant, marketed by HP as a "free self-help tool," is pre-installed on new HP desktops and notebooks, and it is designed to deliver automated support, updates, and fixes to HP PCs and printers.

"Improve the performance and reliability of your PCs and printers with automatic firmware and driver updates," HP says. "You can configure your options to install updates automatically or to notify you when updates are available."

HP computers sold after October 2012 and running Windows 7, Windows 8, or Windows 10 operating systems all come with HP Support Assistant installed by default.

Some critical flaws patched, others not so much

Security researcher Bill Demirkapi found ten different vulnerabilities within the HP Support Assistant software, including five local privilege escalation flaws, two arbitrary file deletion vulnerabilities, and three remote code execution vulnerabilities.
... ...
 

Zero Knowledge

Level 20
Verified
Top Poster
Content Creator
Dec 2, 2016
841
I can not believe that major pc/laptop manufacturers have such poor quality control when it comes to preinstalled software. These are multi-billion dollar companies listed on the stock exchanges of the world. 5/10/15 years ago these problems may be excusable but news like this just keeps coming. Why bother licensing av software for laptops when your own software gets people owned.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top