HP Support Assistant has a DLL Hijacking Vulnerability

Martin Brinkmann
Sep 8, 2022
Security
|
13

HP Support Assistant is a software program that is included on HP computers and notebooks. The program is also available as a standalone download; customers who use HP peripherals, such as printers or scanners, may install it to manage these devices on non-HP PCs.

hp support assistant vulnerability

HP published a HP Support Assistant security advisory on its website on September 6, 2022. According to the information, HP Support Assistant is vulnerable to DLL hijacking.

DLL hijacking is a common attack technique that exploits weaknesses in the DLL loading order on Windows, provided that programs do not specify library paths properly. Attackers may exploit the weakness by placing malicious DLL files in locations that are prioritized over the location of the legitimate DLL file.

Tip: DLL Hijack Detect is an open source tool to detect potential issues in Windows applications regarding DLL hijacking.

HP explains on the security advisory:

HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.

The vulnerability has a severity rating of high, the second highest after critical.

HP published an update for its HP Support Assistant software that includes the fix. The company recommends that customers turn on automatic updates to install the latest version. Alternatively, customers may download the latest version of HP Support Assistant from the official website.

The link that HP published at the time of writing is not working; we replaced it with a working one above.

HP Support Assistant 9 for PC requires a PC with Windows 10 or 11. A legacy version is provided for customers who run older versions of Windows. It is unclear from HP's description if the legacy version has received an update as well.

HP lists all versions of HP Support Assistant earlier than 9.11 as affected, which suggests that an update has not been released for the legacy version.

Closing Words

Many PC manufacturers install custom proprietary software on their devices. Some users uninstall these products, as they tend to be very heavy and have limited uses, but the majority of PC users is keeping these installed on their devices.

Now You: do you keep software from the PC's manufacturer installed, or uninstall it?

Summary
HP Support Assistant has a DLL Hijacking Vulnerability
Article Name
HP Support Assistant has a DLL Hijacking Vulnerability
Description
HP published a HP Support Assistant security advisory on its website that informs customers about a DLL hijack vulnerability in the software.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. CleanOS said on September 9, 2022 at 9:35 am
    Reply

    Thats why I always do a clean install after getting a new laptop(Recovery Partition is kept) to remove OEM crapware besides their Proprietary stuff that needs drivers like Keyboard Keys, etc. Remove any other crapware like Support, Autoupdate, etc.

    Also download hardware drivers of gpu, cpu, wifi, bluetooth, etc. from their manufacturers.

  2. John G. said on September 8, 2022 at 11:02 pm
    Reply

    In four words: nonsense useless HP bloatware. Thanks for the article. :]

  3. Mothy said on September 8, 2022 at 6:10 pm
    Reply

    Now You: do you keep software from the PC’s manufacturer installed, or uninstall it?

    I always wipe the hard drive and install the operating system from scratch. Then I only install needed drivers downloaded from the PC manufacturer’s website (or device manufacturer. ex Nvidia). And in the process also make sure only the driver is installed and not any additional software. Overall I highly limit installed software on the system to reduce its attack surface and complexity. I also use a software firewall in white list mode where only a few approved applications are allowed outbound or inbound network access (along with a hardware firewall router that blocks all inbound Internet access. ex. GRC ShieldsUp shows stealth mode).

  4. Gary said on September 8, 2022 at 4:52 pm
    Reply

    This alert is for older versions of HP Support Assistant, isn’t it?
    HP says:
    Affected products:
    HP Support Assistant versions earlier than 9.11.
    Fusion versions earlier than 1.38.2601.0.

    The version I have installed is 9.20.22.0
    But the “latest” version being offered on HPs site is only 9.19.52.0

    What’s with that??

  5. IgnoredFeedback said on September 8, 2022 at 4:10 pm
    Reply

    It’s awful using HP’s software. Every time I see offices purchasing HP printers, my heart bleeds. I attempt to avoid using their bloated software by using their universal drivers.

    To make matters worse, the use of their Smart Scan software now necessitates creating an online account in order to make a simple scan. My wish is for this business to perish severely.

  6. Sebas said on September 8, 2022 at 3:50 pm
    Reply

    HP Support Assistant is abysmal software. Especially the the option of installing bios updates is a dangerous nightmare. You just go to the HP support site and fill in the serial number of your machine. Even then it is very confusing. Windows comes to the rescue with auto driver updates. But which brand today has not this stupid kind of software?

  7. ShintoPlasm said on September 8, 2022 at 11:50 am
    Reply

    Did you just change the default font on gHacks? Suddenly shows up much smaller (at least in Firefox).

    1. ShintoPlasm said on September 8, 2022 at 12:34 pm
      Reply

      @Martin: Never mind. It’s a bug in version 2.3.3 of the Facebook Container add-on for Firefox. Currently being reported on its Github page that it’s breaking body fonts for many users.

    2. Martin Brinkmann said on September 8, 2022 at 11:57 am
      Reply

      Just checked, don’t see this in Firefox or other browsers. Did you try refreshing the page using Shift-Reload?

  8. Oh my, how unfortunate. said on September 8, 2022 at 10:21 am
    Reply

    When you thought you couldn’t possibly hate HP printers any more…

    1. That Guy Without Glasses said on September 9, 2022 at 12:39 am
      Reply

      This is not related to printers. This is a software to keep HP systems updated (desktop computers and laptops). Like Windows Update, but for updating HP drivers and bloatware.

  9. Neo said on September 8, 2022 at 10:03 am
    Reply

    “Now You: do you keep software from the PC’s manufacturer installed, or uninstall it?”

    Image the drive and throw it into storage then wiping & installing Linux.

    1. Peterc said on September 8, 2022 at 3:38 pm
      Reply

      @Neo:

      Aha! So you DO “keep” it! ;-)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.