HP patches a high-severity safety flaw within the HP Help Assistant, which helps hold HP laptop in working order by discovering updates and offering troubleshooting instruments.
It’s a software program device that comes pre-installed on all HP laptops and desktop computer systems, together with the Omen sub-brand. It carries out {hardware} diagnostic exams, dive deeper into technical specs, verify efficiency associated metrics, and driver updates on HP gadgets.
The flaw is tracked as (CVE-2022-38395), with a excessive severity rating of 8.2, which ends up in privilege escalation vulnerability. The flaw was revealed by researchers at Safe D.
“It’s attainable for an attacker to take advantage of the DLL hijacking vulnerability and elevates privileges when Fusion launches the HP Efficiency Tune-up”, reads the advisory from HP
Thus, a DLL hijacking vulnerability triggered when the consumer launches HP Efficiency Tune-up inside HP Help Assistant. This takes place when a risk actor locations a DLL containing malicious code on the identical folder because the abused executable, exploiting Home windows’ logic to prioritize these libraries towards DLLs within the System32 listing.
The subsystem that may set off the DLL hijacking assault
On this case, the code that executes by loading the library assumes the privileges of the abused executable which is HP Help Assistant operating with ‘SYSTEM’ privileges.
Affected Merchandise
- HP Help Assistant variations sooner than 9.11.
- Fusion variations sooner than 1.38.2601.0.
Suggestions
HP advises the purchasers replace to the most recent model of HP Help Assistant that features fixes for points by turning on automated updates within the HP Help Assistant settings.
If the system has HP Help Assistant model 8x, it’s endorsed to improve to HP Help Assistant model 9 by going to the “About” part and “verify for updates”. If the system has HP Help Assistant model 9, hold the Microsoft Retailer updates turned on in order that the applying is all the time saved updated.
Obtain Free SWG – Safe Net Filtering – E-book