A security researcher discovered multiple vulnerabilities in HP Support Assistant, a utility pre-installed on all HP computers sold after October 2012.
Pre-loaded on computers running Windows 7, Windows 8, and Windows 10, the tool was found to be impacted by ten vulnerabilities, including five local privilege escalation flaws, two arbitrary file deletion bugs, and three remote code execution bugs.
When launched, the utility starts hosting a “service interface” that exposes over 250 different functions to the client. The contract interface is exposed to the local system and clients connect to it through a specific pipe, security researcher Bill Demirkapi explains.
A series of checks are performed to validate client connections to the interface, so as to finally allow the client to call certain protected methods. While there are mitigations in place, HP Support Assistant is insecure by design, the researcher says.
“This is because core components, such as the HP Web Product Detection rely on access to the service and run in an unprivileged context. The fact is, the current way the HP Service is designed, the service must be able to receive messages from unprivileged processes. There will always be a way to talk to the service as long as unprivileged processes are able to talk to the service,” the researcher notes.
The researcher discovered that an attacker could, for example, place their own malicious binary in specific folders on the system partition and have it executed by HP’s signed process with system privileges, that a downloaded file would be executed even if a signature verification failed, and that an attacker could start an executable with the decrypt argument to write malicious payloads anywhere on the system.
Moreover, the researcher ..
Support the originator by clicking the read the rest link below.
