Several Critical RCE Bugs In HP Support Assistant Expose Windows PCs To Remote Attacks

Several critical vulnerabilities in HP Support Assistant recently exposed Windows computers to remote code execution (RCE) attacks that could let attackers gain access or execute arbitrary files after successful exploitation.

HP Support Assistant, which HP markets as a “free self-help tool,” comes preinstalled on new HP desktops and notebooks and is designed to provide automated support, updates, and fixes for HP PCs and printers.

HP says of the HP Support Assistant tool, “You can simply enhance the performance and safety of your PCs and printers with automatic firmware and driver updates,” and adds, “You can also identify your choices to install updates automatically or to inform you when updates are ready.” HP computers sold after October 2012 with Windows 7, Windows 8, or Windows 10 all come with HP Support Assistant installed by default.

Some Critical Flaws Patched

Bill Demirkapi, a well-known 18-year-old security researcher, identified ten different vulnerabilities in the HP Support Assistant software: five local privilege escalation vulnerabilities, two arbitrary file deletion vulnerabilities, and three remote code execution (RCE) vulnerabilities.

HP PSIRT partially patched the vulnerabilities in December 2019, after receiving an initial disclosure report from Demirkapi in October 2019.

Another patch was published in March 2020, after the researcher sent an updated report in January, to cover one of the flaws left unpatched earlier and to fix a newly introduced one. However, HP did not patch three of the local privilege escalation vulnerabilities, which means that even if you are running the latest version of HP Support Assistant, you are still exposed to attacks.

Vulnerabilities of this kind are typically used by malicious actors in the later stages of an attack to elevate privileges and establish persistence. This lets them compromise the targeted machines further after the initial breach.

Proof of Concept

Local Privilege Escalation Vulnerabilities

Remote Code Execution Vulnerabilities

Mitigation measures

To fully mitigate all the flaws Demirkapi found, you need to uninstall the vulnerable software by removing both HP Support Assistant and HP Support Solutions Framework from your computer.

If you rely on them to keep your devices’ software up to date, be aware that HP Support Assistant requires you to opt in to have automatic updates enabled.

If you don’t have automatic updates enabled, or you don’t want to turn them on, you will have to update the app manually by checking for the latest version, or install the latest release by downloading it from HP’s support website.
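To act on the advice above across a fleet, the first step is knowing where the two packages are installed and at what version. The following PowerShell inventory check is an added example, not code from HP or from Demirkapi. It assumes the products register under the standard per-machine uninstall registry keys with display names beginning with the product names given in this article, and it does not cover other packaging.

```powershell
# Added example: inventory the two packages named in the mitigation advice.
# Product names come from the article; matching on DisplayName is an assumption.
$targets = @('HP Support Assistant', 'HP Support Solutions Framework')

# Standard per-machine uninstall keys (64-bit and 32-bit registry views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Find-InstalledProduct {
    param(
        [string[]]$Name,      # product name prefixes to look for
        [object[]]$Entries    # uninstall registry entries to search
    )
    foreach ($entry in $Entries) {
        # Many uninstall entries (patches, components) have no DisplayName.
        if (-not $entry.DisplayName) { continue }
        foreach ($n in $Name) {
            if ($entry.DisplayName -like "$n*") {
                [pscustomobject]@{
                    Product     = $n
                    DisplayName = $entry.DisplayName
                    Version     = $entry.DisplayVersion
                    Uninstall   = $entry.UninstallString
                }
            }
        }
    }
}

$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue
$found   = @(Find-InstalledProduct -Name $targets -Entries $entries)

if ($found.Count -eq 0) {
    Write-Output 'Neither HP Support Assistant nor HP Support Solutions Framework is registered on this machine.'
} else {
    # Report what is present so it can be removed or updated.
    $found | Sort-Object Product | Format-Table -AutoSize -Wrap
}
```

The article gives no fixed version numbers, so the script reports presence and installed version only and leaves the remove-or-update decision to the operator.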

Demirkapi also shared the full details of the discovery process and exploitation techniques for each of the vulnerabilities in HP Support Assistant.

In addition, Demirkapi also discovered a local privilege escalation vulnerability affecting Dell’s SupportAssist Client, which comes “preinstalled on nearly all new Dell devices running Windows operating system.”

According to the latest reports, HP Support Assistant comes preinstalled on HP computers sold after October 2012 running Windows 7, Windows 8, or Windows 10.


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.