HP patches high-severity security flaw in its own support tool | IT PRO

2022-09-10 09:27:07 | By: Ms. xiaofang wang

HP has patched a privilege escalation flaw in a support application that it installs on its devices at the factory, before they ship.

Rated ‘high’ on the CVSS v3.1 severity scale with a score of 8.2, the bug lets an attacker who has already gained a foothold on a machine, for example through a low-privileged user account, run their own code with higher privileges than that account holds, opening the victim up to more damaging follow-on attacks.

In this case the escalation reaches system-level privileges, the highest level on a Windows machine, at which point an attacker can deploy malware or other malicious payloads without the usual restrictions.

The capabilities of the malware available to hackers could be wide-reaching and varied. Spyware, worms, and credential stealers are some of the possible tools at hackers’ disposal.

Tracked as CVE-2022-38395, the flaw sits in the Fusion component, which HP Support Assistant uses to launch HP Performance Tune-up, a diagnostic tool bundled with the assistant.

It is a dynamic link library (DLL) hijacking vulnerability in Fusion, and the privilege escalation takes place at the moment Fusion launches HP Performance Tune-up, HP said in its security advisory.

DLL hijacking is specific to Windows (other operating systems have analogous shared-library attacks) and abuses the order in which the Windows loader searches directories for a DLL that a program requests by file name alone rather than by full path.

DLL files are shared libraries: reusable parts of a Windows program that each provide a set of functions, such as looking up domain names, that many programs can load on demand.

An attacker who can write to a directory that the loader searches before it reaches the legitimate DLL, or to a location the program checks for a DLL that is not actually present, plants a file with the expected name there. When the vulnerable part of the program asks for the DLL, the loader finds the attacker’s copy first and executes the malicious code it contains.

That code runs with whatever privileges the loading process has. HP Performance Tune-up runs with system-level privileges, so a DLL it loads from a location an ordinary user can write to hands that user system-level code execution. Bugs of this class are usually found by watching the privileged process with Process Monitor for DLL lookups that probe user-writable directories, and the standard fix is for the program to load its DLLs by full path or to restrict the search with SetDefaultDllDirectories.
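The search-order walk and the triage a practitioner would do are shown below as an added example; this is not code from the original article or from HP, and the process name, vendor directory, DLL names, writable directories and Process Monitor log lines are all constructed for illustration. The CSV layout matches the column header of a Procmon export, and the search order is the default one Windows uses for a bare-name load with SafeDllSearchMode enabled.

```python
"""Triage a Process Monitor export for DLL-hijacking candidates.

Added example, not HP's code. It models the default Windows DLL search order
and scans a Procmon CSV export for DLL lookups that a user-writable directory
could satisfy. Every path, process name and log line here is constructed.
"""
import csv
import io


def dll_search_order(app_dir, system_dir, windows_dir, cwd, path_dirs):
    """Default LoadLibrary search order for a DLL requested by bare name with
    SafeDllSearchMode enabled (the Windows default). Earlier entries win."""
    return [app_dir, system_dir, windows_dir + "\\System", windows_dir, cwd, *path_dirs]


def normalize(path):
    """Windows paths are case-insensitive; compare them in one canonical form."""
    return path.replace("/", "\\").rstrip("\\").lower()


def is_under(path, root):
    p, r = normalize(path), normalize(root)
    return p == r or p.startswith(r + "\\")


def dirname(path):
    return path.replace("/", "\\").rsplit("\\", 1)[0]


def hijack_point(dll_name, order, existing_paths, writable_dirs):
    """Return the first directory in the search order that a low-privileged
    user can write to before the loader reaches a genuine copy of dll_name,
    or None when the genuine copy is found first (no hijack possible)."""
    genuine = {normalize(p) for p in existing_paths}
    for directory in order:
        if any(is_under(directory, w) for w in writable_dirs):
            return directory
        if normalize(directory + "\\" + dll_name) in genuine:
            return None
    return None


def find_hijack_candidates(procmon_csv, writable_dirs):
    """Flag DLL lookups in a Procmon CSV export that land in a user-writable
    directory: NAME NOT FOUND there means a planted file would be picked up,
    SUCCESS there means the file that was loaded could be replaced."""
    findings = []
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        path = row["Path"]
        if row["Operation"] not in ("CreateFile", "Load Image"):
            continue
        if not path.lower().endswith(".dll"):
            continue
        if not any(is_under(dirname(path), w) for w in writable_dirs):
            continue
        if row["Result"] == "NAME NOT FOUND":
            reason = "missing DLL probed in writable directory"
        elif row["Result"] == "SUCCESS":
            reason = "DLL loaded from writable directory"
        else:
            continue
        finding = (row["Process Name"], path, reason)
        if finding not in findings:  # CreateFile and Load Image both report the hit
            findings.append(finding)
    return findings


# Constructed Procmon excerpt in the tool's CSV export layout; the process,
# vendor directory and DLL names are hypothetical, not HP's.
SAMPLE_PROCMON = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"09:27:07.0000001","example_tuneup.exe","4120","CreateFile","C:\\Program Files\\ExampleVendor\\Tuneup\\example.dll","NAME NOT FOUND","Desired Access: Read Attributes"
"09:27:07.0000002","example_tuneup.exe","4120","CreateFile","C:\\Windows\\System32\\example.dll","NAME NOT FOUND","Desired Access: Read Attributes"
"09:27:07.0000003","example_tuneup.exe","4120","CreateFile","C:\\Users\\Public\\Tuneup\\example.dll","NAME NOT FOUND","Desired Access: Read Attributes"
"09:27:07.0000004","example_tuneup.exe","4120","CreateFile","C:\\ProgramData\\ExampleVendor\\plugin.dll","SUCCESS","Desired Access: Read Attributes"
"09:27:07.0000005","example_tuneup.exe","4120","Load Image","C:\\ProgramData\\ExampleVendor\\plugin.dll","SUCCESS","Image Base: 0x7ff8a0000000"
"09:27:07.0000006","example_tuneup.exe","4120","CreateFile","C:\\Windows\\System32\\version.dll","SUCCESS","Desired Access: Read Attributes"
'''

# Assumed to be writable by a standard user on the constructed machine.
WRITABLE_DIRS = ["C:\\Users\\Public", "C:\\ProgramData\\ExampleVendor"]

SEARCH_ORDER = dll_search_order(
    app_dir="C:\\Program Files\\ExampleVendor\\Tuneup",
    system_dir="C:\\Windows\\System32",
    windows_dir="C:\\Windows",
    cwd="C:\\Users\\alice",
    path_dirs=["C:\\Windows\\System32", "C:\\Users\\Public\\Tuneup"],
)

if __name__ == "__main__":
    for process, path, reason in find_hijack_candidates(SAMPLE_PROCMON, WRITABLE_DIRS):
        print(f"{process}: {path} ({reason})")
    # example.dll exists nowhere, so the first writable directory in the order is the hijack point
    print(hijack_point("example.dll", SEARCH_ORDER, [], WRITABLE_DIRS))
    # a genuine copy in System32 is reached before any writable directory: no hijack
    print(hijack_point("example.dll", SEARCH_ORDER, ["C:\\Windows\\System32\\example.dll"], WRITABLE_DIRS))
```

The two `hijack_point` calls show why the fix matters: the same search order is harmless once the genuine DLL sits in a protected directory that the loader reaches first, and a program that loads by full path or calls SetDefaultDllDirectories never walks the writable tail of the order at all. Run against a real Procmon export of a SYSTEM-level process, the triage only reports lookups that a standard user could satisfy, which is the precondition for an escalation like the one described above.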

The bug affects HP Support Assistant, which is factory-installed on new HP desktops and laptops and can also be installed on other manufacturers’ devices, for example to access resources for HP printers.

The app provides automated fixes and other troubleshooting functions to users, as well as helping users find the information they’re looking for. It also offers automatic updates for PC and printer firmware and drivers.


ITPro is part of Future plc, an international media group and leading digital publisher. Visit our corporate site www.futureplc.com © Future Publishing Limited, Quay House, The Ambury, Bath BA1 1UA. All rights reserved. England and Wales company registration number 2008885