What you need to know
- HP Support Assistant has several vulnerabilities that remain unpatched.
- The vulnerabilities leave devices exposed to remote code execution attacks.
- HP has fixed seven vulnerabilities in recent updates, but three vulnerabilities remain.
Many HP devices have unpatched vulnerabilities that leave them exposed to attacks, according to findings from security researcher Bill Demirkapi. The vulnerabilities are in HP Support Assistant, which is installed by default on HP computers sold after October 2012, and they leave devices exposed to remote code execution attacks. Attackers can potentially take advantage of the vulnerabilities to elevate their privileges or delete arbitrary files, as reported by BleepingComputer.
Demirkapi found ten vulnerabilities in HP Support Assistant, including five local privilege escalation flaws, two arbitrary file deletion vulnerabilities, and three remote code execution vulnerabilities. Seven of the vulnerabilities have been patched through updates, but three local privilege escalation vulnerabilities remain.
Demirkapi explained in his technical description that "It is important to note that because HP has not patched three local privilege escalation vulnerabilities, even if you have the latest version of the software, you are still vulnerable unless you completely remove the agent from your machine."
The only way to completely mitigate the issue is to uninstall both HP Support Assistant and HP Support Solutions Framework from your computer. You can do this by using the Add or remove programs section in the Control Panel on most Windows setups. Microsoft breaks down the steps to uninstall a program in more detail on a support page. If you choose this route, make sure to uninstall both programs. Here are the basic steps for removing a program:
- Type Control Panel in the search box on your PC's taskbar.
- Select Programs.
- Select Programs and Features.
- Right-click (or press and hold) on the program you want to remove.
- Select Uninstall or Uninstall/Change.
If you don't want to uninstall the programs, updating them will reduce the number of vulnerabilities on your PC, though at this time it will not fix all of them. You can check for updates in HP Support Assistant by clicking the About section within the program.
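To confirm that both programs are actually gone after the steps above, or to see which version is still installed, the following PowerShell script lists any remaining uninstall registrations. It is an added example, not code from the article or from Demirkapi's write-up; it assumes the installers register a display name containing the product names used in the article, and the function name `Get-HpSupportInstall` is hypothetical.

```powershell
# Added example: audit a Windows machine for the two HP packages named in the article.
# Assumption: each installer registers a DisplayName containing one of these strings.
$targets = @('HP Support Assistant', 'HP Support Solutions Framework')

# Standard uninstall registration locations: per-machine (64-bit and 32-bit views) and per-user.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-HpSupportInstall {
    param(
        [string[]]$Names = $targets,
        [string[]]$Paths = $uninstallKeys
    )

    # Read every uninstall entry once; skip entries that carry no display name.
    $entries = Get-ItemProperty -Path $Paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName }

    foreach ($name in $Names) {
        $hits = @($entries | Where-Object { $_.DisplayName -like "*$name*" })
        if ($hits.Count -eq 0) {
            # Emit an explicit "not installed" row so both products always appear in the report.
            [pscustomobject]@{ Product = $name; Installed = $false; Version = $null; RegistryKey = $null }
            continue
        }
        foreach ($hit in $hits) {
            [pscustomobject]@{
                Product     = $name
                Installed   = $true
                Version     = $hit.DisplayVersion
                RegistryKey = $hit.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
            }
        }
    }
}

$report = @(Get-HpSupportInstall)
$report | Format-Table -AutoSize

# The article's mitigation requires BOTH packages to be removed, so flag either one.
$stillPresent = @($report | Where-Object { $_.Installed })
if ($stillPresent.Count -gt 0) {
    Write-Warning "$($stillPresent.Count) HP support package registration(s) still present."
} else {
    Write-Output 'Neither package is registered in the uninstall keys.'
}
```

Registry uninstall entries do not cover Microsoft Store (AppX) packages, so a Store-installed copy would not appear in this report.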
Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at firstname.lastname@example.org.
Hot take: This is why bloatware needs to die in a hole.
What I actually needed to know was how these risks actually affect me in real day-to-day life.
Does this apply to the one available from the Windows Store? I've always found the app useful to highlight warranty or device info about the user's PC and common update and troubleshooting steps...