
HP bloatware has a major security flaw

Bloatware is the software that comes installed by default when you buy a pre-assembled computer from a manufacturer such as HP. It is usually a suite of applications with very specific and limited uses that nobody uses because there are better alternatives. If they can, people uninstall it; if not, they disable it or do their best to ignore it as much as possible.

Because it ships as standard on millions of units worldwide, this software is expected to have a considerable layer of security. But in the case of HP Support Assistant, it has recently emerged that the software leaves millions of users with a huge security hole.

The security hole in HP Support Assistant

HP has warned of a vulnerability in its Support Assistant tool, which comes pre-installed on all HP laptops and desktops. The vulnerability was discovered by researchers at Secure D. They rated it as particularly worrying, with a “high” severity score of 8.2.

Cyber attackers could use an infected HP Support Assistant tool to elevate their privileges on vulnerable systems, gaining access without permission. An advisory issued by HP says that the DLL hijacking flaw is triggered when users run HP Performance Tune-up from HP Support Assistant, an application designed to help computer users troubleshoot problems, perform diagnostic tests, and check for BIOS and driver updates.

The DLL vulnerability, tracked as CVE-2022-38395, involves threat actors injecting malicious code into HP Support Assistant. This code then takes advantage of the Windows DLL loading logic, which prioritizes those libraries over the DLLs in the System32 directory.
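The loading priority described above can be checked for defensively. The following Python audit is an added example, not code from HP's advisory or the original article: it lists DLLs in an application's folder whose names collide with DLLs in the system directory. The directory arguments are assumptions supplied by the caller (the page does not give HP Support Assistant's install path), and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_shadowing_dlls(app_dir, system_dir):
    """List DLLs in app_dir whose names also exist in system_dir.

    Windows file names are case-insensitive, so names are compared lowercased.
    Each finding records whether the local copy is identical to the system copy.
    """
    system = {p.name.lower(): p for p in Path(system_dir).iterdir()
              if p.is_file() and p.suffix.lower() == ".dll"}
    findings = []
    for p in sorted(Path(app_dir).iterdir()):
        name = p.name.lower()
        if p.is_file() and p.suffix.lower() == ".dll" and name in system:
            same = sha256_of(p) == sha256_of(system[name])
            findings.append({"path": str(p), "name": name,
                             "matches_system_copy": same})
    return findings


def demo():
    """Run the audit over constructed sample directories (not real HP paths)."""
    with tempfile.TemporaryDirectory() as root:
        app, sys32 = Path(root, "app"), Path(root, "System32")
        app.mkdir()
        sys32.mkdir()
        (sys32 / "version.dll").write_bytes(b"system copy")
        (sys32 / "kernel32.dll").write_bytes(b"kernel")
        (app / "VERSION.dll").write_bytes(b"different copy")  # shadows System32
        (app / "vendor.dll").write_bytes(b"vendor library")   # no name collision
        return [(f["name"], f["matches_system_copy"])
                for f in find_shadowing_dlls(app, sys32)]


if __name__ == "__main__":
    print(demo())
```

A name collision is a lead for review rather than proof of tampering, since some applications legitimately ship their own copies of libraries; a copy that differs from the system one deserves a signature and provenance check.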

HP has urged its customers to update the Support Assistant app immediately. A security update for version 9.x has been released in the Microsoft Store, but users of versions 8.x will not receive a security patch. They will need to update to the latest version of 9.x, which can be accessed via the “Check for Updates” button in the “About” section.

BleepingComputer stresses that this is not the first time HP's Support Assistant application has suffered from vulnerabilities. In October 2019, ten bugs were found, some of which remained unpatched for over a year after being initially discovered. Another option is to remove the bloatware, which also frees up hard drive space, CPU, and RAM because it no longer runs in the background.


Benjamin Rosa
