HP Patches a Severe Vulnerability in Pre-Installed Support Assistant Tool
September 9, 2022
HP has publicly disclosed, in a security advisory, a recently discovered vulnerability in HP Support Assistant, software that comes pre-installed on all HP laptops and desktop PCs.
The Vulnerability:
CVE-2022-38395 (CVSS score: 8.2) – A DLL hijacking vulnerability that is triggered when a user attempts to execute HP Performance Tune-up from within HP Support Assistant. It allows attackers to elevate their privileges to ‘SYSTEM’ on vulnerable systems.
Affected Products:
- HP Support Assistant versions earlier than 9.11.
- Fusion versions earlier than 1.38.2601.0.
Mitigation:
CYREBRO recommends that users of affected products upgrade the HP Support Assistant tool as soon as possible.
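To find machines still below the fixed versions listed above, the following added example (not from HP or CYREBRO) checks a software inventory export against them. It assumes a CSV with `host`, `product` and `version` columns and that the products are reported under the names used in this advisory; the sample rows are constructed.

```python
import csv
import io

# Fixed versions stated in the advisory; anything earlier is affected.
# Assumption: the inventory reports the products under these names.
FIXED = {
    "hp support assistant": (9, 11),
    "fusion": (1, 38, 2601, 0),
}

# Constructed sample inventory export (hosts and versions are made up).
SAMPLE_INVENTORY = """host,product,version
ws-001,HP Support Assistant,9.9.14.0
ws-002,HP Support Assistant,9.11.0.0
ws-003,Fusion,1.38.2471.0
ws-004,Fusion,1.38.2601.0
ws-005,HP Support Assistant,unknown
ws-006,Some Other Tool,1.0
"""

def parse_version(text):
    """Turn '9.11.0.0' into (9, 11, 0, 0); None if not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True/False for a tracked product; None if untracked or unparseable."""
    fixed = FIXED.get(product.strip().lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return None
    # Compare numerically, not as strings: "9.9" sorts after "9.11" as text.
    # Pad with zeros so 9.11 and 9.11.0.0 compare as equal.
    width = max(len(fixed), len(parsed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(parsed) < pad(fixed)

def audit(inventory_csv):
    """Return (affected_hosts, needs_review_hosts) from a CSV inventory."""
    affected, review = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() not in FIXED:
            continue
        verdict = is_affected(row["product"], row["version"])
        (review if verdict is None else affected if verdict else []).append(row["host"])
    return affected, review
```

Hosts whose version string cannot be parsed are returned separately for manual review instead of being treated as patched.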
References: HP Advisory