HP has released a security bulletin to address a critical vulnerability in HP Support Assistant, tracked as CVE-2022-38395. This vulnerability could allow an attacker to exploit the DLL hijacking vulnerability and perform privilege escalation when Fusion launches the HP Performance Tune-up. An attacker could exploit this vulnerability to take control of an affected system such as by opening up victims to the deployment of malware or other malicious payloads.
It is recommended that all HP users upgrade Support Assistant as soon as possible.
HP recommends that customers review HP's Security Bulletin HPSBHF03809 and apply any necessary updates.
HP customers using version 9.x should update to the latest version of the Support Assistant from the Microsoft Store.
Those using the older version 8.x will need to open the software, go to the 'About' section, and click 'check for updates'.
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.