Several critical vulnerabilities in the HP Support Assistant expose Windows users to dangerous attacks, according to a new report. The company has already released several security updates, but a security problem is still unpatched.
BleepingComputer reports that the issue concerns the HP Support Assistant, which comes on HP computers that were sold after October 2012 and that have Windows 7, Windows 8, or Windows 10 pre-installed. By default, these are shipped with the HP Support Assistant. Security researcher Bill Demirkapi found ten different vulnerabilities in the software, including five local privilege escalation bugs, two file deletion vulnerabilities, and three remote code execution vulnerabilities.
Some of the critical bugs have been patched since Demirkapi reported them in October, others have not. HP has released several updates, most recently another security update in March. According to the report, a new security problem has now been added. Demirkapi is now disclosing the vulnerabilities to warn users accordingly.
What is the Remedy? Simply uninstall
HP offers the HP Support Assistant as a “free self-help tool”. The tool automatically manages updates and fixes for HP PCs and printers. As a mitigation, Demirkapi recommends uninstalling the vulnerable software.
To do this, both the actual HP Support Assistant and the HP Support Solutions Framework must be removed from the computer.
“It is important to note that since HP has not patched three local privilege escalation vulnerabilities, even if you have the latest version of the software, you will still be vulnerable if you do not completely remove the agent from your machine,” Demirkapi explained.
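To confirm that both components are really gone after uninstalling, the Windows uninstall registry keys can be queried. The PowerShell below is an added example, not code from the report or from HP; it assumes the registry `DisplayName` values contain the two product names as written in this article, and it only sees software registered under the standard uninstall keys.

```powershell
# Added example: inventory check for the two components named in the article.
# Assumption: the registry DisplayName contains these product names as written.
$targets = @('HP Support Assistant', 'HP Support Solutions Framework')

# Standard uninstall locations: 64-bit, 32-bit (WOW6432Node) and per-user.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Find-InstalledComponent {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string[]] $Paths = $uninstallKeys
    )
    foreach ($path in $Paths) {
        # Keys without a DisplayName (patches, orphaned entries) are skipped.
        Get-ItemProperty -Path $path -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -and $_.DisplayName -like "*$Name*" } |
            Select-Object DisplayName, DisplayVersion, UninstallString,
                @{ Name = 'RegistryKey'; Expression = { $_.PSPath -replace '^.*::', '' } }
    }
}

# One status row per component, so a partial removal is visible at a glance.
$report = foreach ($name in $targets) {
    $hits = @(Find-InstalledComponent -Name $name)
    if ($hits.Count -eq 0) {
        [pscustomobject]@{ Component = $name; Installed = $false; Version = $null; RegistryKey = $null }
    } else {
        foreach ($h in $hits) {
            [pscustomobject]@{ Component = $h.DisplayName; Installed = $true
                               Version = $h.DisplayVersion; RegistryKey = $h.RegistryKey }
        }
    }
}

$report | Format-Table -AutoSize -Wrap

# Non-zero exit code if anything remains, for use in fleet compliance scripts.
if ($report | Where-Object Installed) {
    Write-Warning 'At least one HP support component is still installed.'
    exit 1
}
```

The script only reads the registry; removal itself is still done through the normal Windows uninstall procedure for each listed entry.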
This is not the first time that Demirkapi has found critical vulnerabilities in software that is preinstalled on major manufacturers’ computers – most recently he reported similar security issues to Lenovo and Dell.