Several Critical RCE Bugs In HP Support Assistant Expose Windows PCs To Remote Attacks

Recently, several critical vulnerabilities in HP Support Assistant exposed Windows computers to remote code execution (RCE) attacks that could allow attackers to gain access or execute arbitrary files after successful exploitation.

HP Support Assistant, which HP markets as a “free self-help tool,” comes preinstalled on new HP desktops and notebooks and is designed to provide automated support, updates, and repairs for HP PCs and printers.

HP says of the HP Support Assistant tool, “You can simply enhance the performance and safety of your PCs and printers with automatic firmware and driver updates,” and adds, “You can also identify your choices to install updates automatically or to inform you when updates are ready.” HP computers sold after October 2012 with Windows 7, Windows 8, or Windows 10 all come with HP Support Assistant installed by default.

Some Critical Flaws Patched

Bill Demirkapi, an 18-year-old security researcher, identified ten different vulnerabilities in the HP Support Assistant software: five local privilege escalation vulnerabilities, two arbitrary file deletion vulnerabilities, and three remote code execution (RCE) vulnerabilities.

HP PSIRT partially patched the vulnerabilities in December 2019, after receiving an initial disclosure report from Demirkapi in October 2019.

Another patch was published in March 2020, after the researcher sent an updated report in January, to cover one of the flaws left unpatched earlier and to fix a newly introduced one. However, HP failed to patch three of the local privilege escalation vulnerabilities, which means that even if you are running the latest version of HP Support Assistant, you are still exposed to attacks.

Vulnerabilities of this kind are usually used by malicious actors in the later stages of their attacks to elevate permissions and establish persistence. This lets them compromise the targeted machines further after the initial intrusion.

Proof of Concept

Local Privilege Escalation Vulnerabilities

Remote Code Execution Vulnerabilities

Mitigation measures

To fully mitigate all the flaws Demirkapi found, you need to uninstall the vulnerable software by removing both HP Support Assistant and HP Support Solutions Framework from your computer.

If you depend on them to keep your devices’ software up to date, be aware that HP Support Assistant requires you to opt in to have automatic updates enabled by default.

If you don’t have automatic updates enabled, or you don’t want to turn them on, you will have to update the app manually by checking for the latest version, or install the latest release by downloading it from HP’s support website.
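An added example, not taken from the original article or from HP: a PowerShell inventory check that reports whether the two packages named above are still registered on a Windows machine, and at which version. It assumes both products write a DisplayName containing those strings to the standard per-machine uninstall registry keys.

```powershell
# Added example: inventory check for the two packages named in the mitigation advice.
# Assumption: each product registers a DisplayName containing one of these strings.
$targets = @('HP Support Assistant', 'HP Support Solutions Framework')

# Per-machine uninstall entries written by 64-bit and 32-bit installers.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = @(
    foreach ($key in $uninstallKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object {
                $name = $_.DisplayName
                # Keep the entry only if it has a name matching one of the targets.
                $name -and ($targets | Where-Object { $name -like "*$_*" })
            } |
            Select-Object DisplayName, DisplayVersion, Publisher, UninstallString
    }
) | Sort-Object DisplayName, DisplayVersion -Unique

if ($found) {
    # Show what is installed so the version can be compared with HP's latest release.
    $found | Format-List
    Write-Warning "$(@($found).Count) matching package(s) still installed on $env:COMPUTERNAME."
} else {
    Write-Output "Neither package is registered on $env:COMPUTERNAME."
}
```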

Demirkapi also published the full details of the discovery process and exploitation techniques for each of the vulnerabilities in HP Support Assistant.

Demirkapi also discovered a local privilege escalation vulnerability affecting Dell’s SupportAssist Client, which comes “preinstalled on nearly all new Dell devices running Windows operating system.”

According to the latest reports, HP Support Assistant comes preinstalled on HP computers sold after October 2012 running Windows 7, Windows 8, or Windows 10.


Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
