HP Support Assistant Vulnerabilities
Security researcher have released details of ten vulnerabilities in HP's Support Assistant for Microsoft Windows, a free tool for managing users product warranties, automate support and updates, and connect to HP devices. The researchers claim that an attacker could exploit the vulnerabilities to remotely execute code, escalate their privileges, or delete local files.
Summary
Security researcher have released details of ten vulnerabilities in HP's Support Assistant for Microsoft Windows, a free tool for managing users product warranties, automate support and updates, and connect to HP devices. The researchers claim that an attacker could exploit the vulnerabilities to remotely execute code, escalate their privileges, or delete local files.
Affected platforms
The following platforms are known to be affected:
- HP Support Assistant - All versions
Threat details
The vulnerabilities can be attributed to several different underlying faults, but all appear to be the result of HP Support Assistant requiring input from unprivileged processes in order to function properly. These processes mean that HP Support Assistant cannot verify the inputs in any manner, making it trivially easy for an attacker to pass any malicious input they wish to the application.
Remediation steps
Last edited: 29 June 2021 12:01 pm