"HP Fixes Severe Bug in Pre-installed Support Assistant Tool"

HP issued a security advisory informing users of a newly discovered vulnerability in HP Support Assistant, a software tool that ships with all HP laptops and desktop computers, including the Omen sub-brand. HP Support Assistant can be used to troubleshoot problems, run hardware diagnostic tests, look up technical specifications, and check for BIOS and driver updates on HP devices. The flaw, discovered and reported to HP by Secure D researchers, is tracked as CVE-2022-38395 and carries a "high" severity score of 8.2 because it allows attackers to escalate their privileges on vulnerable systems. While the computer manufacturer has not provided many details about the security flaw, the advisory mentions a DLL hijacking flaw that occurs when users attempt to launch HP Performance Tune-up from within HP Support Assistant. DLL hijacking occurs when a malicious actor places a DLL containing malicious code in the same folder as the abused executable, taking advantage of Windows' library search order, which checks the application's own directory before the System32 directory. The code that runs when the library is loaded assumes the privileges of the abused executable, in this case HP Support Assistant running with 'SYSTEM' privileges. As a result, attackers who have already established a foothold on a system via low-privileged malware or a RAT can exploit the flaw to escalate their privileges. This article continues to discuss the vulnerability discovered in HP Support Assistant.

Bleeping Computer reports "HP Fixes Severe Bug in Pre-installed Support Assistant Tool"
