DLL Hijacking: Security issue discovered in HP Support Assistant
The manufacturer HP has published a security advisory for a vulnerability in HP Support Assistant. The warning states that the software is vulnerable to DLL hijacking and attackers could use the elevation of privilege to gain access to systems.
New vulnerability discovered in HP Support Assistant
The severity of this vulnerability is rated as high. However, there are currently no reports as to whether this vulnerability is already being actively exploited. HP has already released appropriate updates to close the DLL hijacking vulnerability. According to the online magazine, GHacks be run by all HP users as soon as possible.
Even those who do not use a PC from HP, but peripheral devices such as printers and scanners, are affected. This also applies if no HP hardware is currently in use, but the HP Support Assistant may still be present on the computer as a relic. In the official description of the security problem It says HP support:
Older versions vulnerable
“HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges if Fusion den HP Performance Tune-up starts. HP tries to fix all security issues with HP Support Assistant as soon as possible and makes the latest version with the fixes available.
HP recommends customers to update to the latest version of HP Support Assistant that contains the fixes for contains the issues listed above by enabling automatic updates in HP Support Assistant settings If the system has HP Support Assistant version 8x installed, HP recommends customers to upgrade to HP Support Assistant version 9 by following the ‘ About’ and check for updates If HP Support Assistant version 9 on the system is installed, HP recommends leaving Microsoft Store updates enabled to keep the application up-to-date. Alternatively, customers can also download the latest version from https://www.hp.com/go/hpsupportassistant.”
Affected products include HP Support Assistant versions prior to 9.11 and Fusion versions prior to 1.38.2601.0. Both versions are older, so there is probably no direct need for action for users who allow automatic Microsoft Store updates or regularly check for updates manually. HP Support Assistant version 9 requires at least Windows 10 or Windows 11. If you use older Windows versions, it looks like you still have to wait for a security update.
What is DLL hijacking?
DLL hijacking is a long-standing security problem also known as “binary planting”. It affects a number of Windows programs. Attackers load a DLL file (Dynamic Link Library) from an unintended path, which means they smuggle in manipulated data via the vulnerability.
Research Snipers is currently covering all technology news including Google, Apple, Android, Xiaomi, Huawei, Samsung News, and More. Research Snipers has decade of experience in breaking technology news, covering latest trends in tech news, and recent developments.
