HP has issued a security advisory informing users about a newly discovered vulnerability in HP Support Assistant. HP Support Assistant comes pre-installed on all HP laptops and desktop computers and is used to troubleshoot device issues and check for BIOS and driver updates.
The vulnerability, tracked as CVE-2022-38395, is a DLL hijacking flaw in the HP Support Assistant tool. DLL hijacking occurs when a malicious DLL is placed in the same folder as a vulnerable executable, abusing the Windows DLL search order, which looks in the application’s own directory before the System32 directory. When the program runs, the malicious DLL is loaded alongside it with the same privileges as the running executable. In the case of HP Support Assistant, the DLL is loaded with “SYSTEM” privileges, allowing a threat actor to escalate to the highest privilege level by exploiting this vulnerability. The hijack occurs when the HP Performance Tune-up utility is launched from within the main HP Support Assistant tool.
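As an added example (not code from HP or the advisory), the following Python script shows how a defender could flag the load pattern described above in Sysmon Event ID 7 (ImageLoad) records: a SYSTEM-level process loading an unsigned DLL from its own directory under a file name that also exists in System32. The System32 inventory, the vendor paths and the event records are all constructed placeholders.

```python
"""Flag the DLL-hijack load pattern described above: a process running as SYSTEM
loads, from its own directory, a DLL whose name shadows one in System32 (Windows
searches the application directory first). Records mimic Sysmon Event ID 7 fields."""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed inventory; in practice build it from a %SystemRoot%\System32 listing.
SYSTEM32_INVENTORY = {"sample_a.dll", "sample_b.dll", "sample_c.dll"}
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64", "c:\\windows\\winsxs")
PRIVILEGED_ACCOUNTS = {"nt authority\\system"}

@dataclass
class ImageLoad:
    image: str         # Sysmon "Image": the loading process
    image_loaded: str  # Sysmon "ImageLoaded": the DLL that was mapped
    user: str          # Sysmon "User": account the process runs as
    signed: bool       # Sysmon "Signed": Authenticode status of the DLL

def in_system_dir(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(d + "\\") for d in SYSTEM_DIRS)

def classify(ev: ImageLoad) -> str:
    """Return 'ok', 'shadowing' or 'shadowing-as-system' for one load event."""
    dll = PureWindowsPath(ev.image_loaded)
    if in_system_dir(ev.image_loaded) or dll.name.lower() not in SYSTEM32_INVENTORY:
        return "ok"  # genuine system copy, or a private DLL with no System32 twin
    # Same-named DLL beside the executable wins the search order; signed copies are
    # treated as vendor redistributables by this heuristic.
    if dll.parent != PureWindowsPath(ev.image).parent or ev.signed:
        return "ok"
    if ev.user.lower() in PRIVILEGED_ACCOUNTS:
        return "shadowing-as-system"  # hijacked DLL would run with SYSTEM rights
    return "shadowing"

def find_hijacks(events):
    verdicts = [(e.image, e.image_loaded, classify(e)) for e in events]
    return [v for v in verdicts if v[2] != "ok"]

# Constructed events; vendor, paths and file names are placeholders, not HP's.
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Program Files\Vendor\tool.exe", r"C:\Windows\System32\sample_a.dll",
              r"NT AUTHORITY\SYSTEM", True),
    ImageLoad(r"C:\Program Files\Vendor\tool.exe", r"C:\Program Files\Vendor\own.dll",
              r"NT AUTHORITY\SYSTEM", False),
    ImageLoad(r"C:\Program Files\Vendor\tool.exe", r"C:\Program Files\Vendor\sample_b.dll",
              r"NT AUTHORITY\SYSTEM", False),
    ImageLoad(r"C:\Users\alice\app\viewer.exe", r"C:\Users\alice\app\sample_c.dll",
              r"HOST\alice", False),
]
```

Only the third record matches the privilege-escalation pattern; the last shows the same shadowing by a non-privileged process, which is lower severity but still worth a look.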
This vulnerability exists in HP Support Assistant versions prior to 9.11. HP has released a fix for the vulnerability in versions 9.11 and onwards.