Many HP devices have unpatched vulnerabilities that leave devices exposed to attacks, according to findings from security researcher Bill Demirkapi. The vulnerabilities are in HP Support Assistant, which is installed by default on HP computers sold after October 2012. The vulnerabilities leave devices exposed to remote code execution attacks. Attackers can potentially take advantage of the vulnerabilities to elevate their privileges or delete arbitrary files, as reported by BleepingComputer.
Demirkapi found ten vulnerabilities in HP Support Assistant, including five local privilege escalation flaws, two arbitrary file deletion vulnerabilities, and three remote code execution vulnerabilities. Seven of the vulnerabilities have been patched through updates, but three local privilege escalation vulnerabilities remain.
Demirkapi explained in his technical description that “It is important to note that because HP has not patched three local privilege escalation vulnerabilities, even if you have the latest version of the software, you are still vulnerable unless you completely remove the agent from your machine.”
The only way to completely mitigate the issue is to uninstall both HP Support Assistant and HP Support Solutions Framework from your computer. You can do this by using the Add or remove programs section in the Control Panel on most Windows setups. Microsoft breaks down the steps to uninstall a program on a support page in more detail. If you choose this route, make sure to uninstall both programs. Here are the basic steps for removing a program.
- Type Control Panel in the search box on your PC’s taskbar.
- Select Programs
- Select Programs and Features
- Right-click (or press and hold) on the program you want to remove.
- Select Uninstall or Uninstall/Change
If you don’t want to uninstall the programs, updating them will reduce how many vulnerabilities your PC has, though at this time will not fix all of them. You can check for updates in HP Support Assistant by clicking the About section within the program.
We may earn a commission for purchases using our links. Learn more.