Serious security flaw puts HP PCs at risk — here's how to fix it

Hp Spectre X360 13 Late 2019 Top
Hp Spectre X360 13 Late 2019 Top (Image credit: Daniel Rubino/Windows Central)

What you need to know

  • HP Support Assistant has several vulnerabilities that remain unpatched.
  • The vulnerabilities leave devices exposed to remote code execution attacks.
  • HP has fixed seven vulnerabilities in recent updates, but three vulnerabilities remain.

Many HP devices have unpatched vulnerabilities that leave devices exposed to attacks, according to findings from security researcher Bill Demirkapi. The vulnerabilities are in HP Support Assistant, which is installed by default on HP computers sold after October 2012. The vulnerabilities leave devices exposed to remote code execution attacks. Attackers can potentially take advantage of the vulnerabilities to elevate their privileges or delete arbitrary files, as reported by BleepingComputer.

Demirkapi found ten vulnerabilities in HP Support Assistant, including five local privilege escalation flaws, two arbitrary file deletion vulnerabilities, and three remote code execution vulnerabilities. Seven of the vulnerabilities have been patched through updates, but three local privilege escalation vulnerabilities remain.

Demirkapi explained in his technical description that "It is important to note that because HP has not patched three local privilege escalation vulnerabilities, even if you have the latest version of the software, you are still vulnerable unless you completely remove the agent from your machine."

The only way to completely mitigate the issue is to uninstall both HP Support Assistant and HP Support Solutions Framework from your computer. You can do this by using the Add or remove programs section in the Control Panel on most Windows setups. Microsoft breaks down the steps to uninstall a program on a support page in more detail. If you choose this route, make sure to uninstall both programs. Here are the basic steps for removing a program.

  1. Type Control Panel in the search box on your PC's taskbar.
  2. Select Programs
  3. Select Programs and Features
  4. Right-click (or press and hold) on the program you want to remove.
  5. Select Uninstall or Uninstall/Change

If you don't want to uninstall the programs, updating them will reduce how many vulnerabilities your PC has, though at this time will not fix all of them. You can check for updates in HP Support Assistant by clicking the About section within the program.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at