September 9, 2022
HP Patches a Severe Vulnerability in Pre-Installed Support Assistant Tool
A recently discovered vulnerability in HP Support Assistant, a software that comes pre-installed on all HP laptops and desktop PCs, was publicly disclosed by HP in a security advisory.
CVE-2022-38395 (CVSS score: 8.2) – A DLL hijacking vulnerability that occurs when users attempt to execute HP Performance Tune-up from within HP Support Assistant allows attackers to elevate their privileges on vulnerable systems to ‘SYSTEM’ privileges.
- HP Support Assistant versions earlier than 9.11.
- Fusion versions earlier than 1.38.2601.0.
CYREBRO recommends those who use affected products to upgrade Support Assistant tool as soon as possible.
References: HP Advisoty