itman 1,748 Posted April 4, 2020 Share Posted April 4, 2020 Quote In this blog post, we’ll be looking at HP Support Assistant which is “pre-installed on HP computers sold after October 2012, running Windows 7, Windows 8, or Windows 10 operating systems”. We’ll be walking through several vulnerabilities taking a close look at discovering and exploiting them. Protecting your machine If you’re wondering what you need to do to ensure your HP machine is safe from these vulnerabilities, it is critical to ensure that it is up to date or removed. By default, HP Support Assistant does not have automatic updating by default unless you explicitly opt-in (HP claims otherwise). It is important to note that because HP has not patched three local privilege escalation vulnerabilities, even if you have the latest version of the software, you are still vulnerable unless you completely remove the agent from your machine (Option 1). Option 1: Uninstall The best mitigation to protect against the attacks described in this article and future vulnerabilities is to remove the software entirely. This may not be an option for everyone, especially if you rely on the updating functionality the software provides, however, removing the software ensures that you’re safe from any other vulnerabilities that may exist in the application. For most Windows installations, you can use the “Add or remove programs” component of the Windows control panel to uninstall the service. There are two pieces of software to uninstall, one is called “HP Support Assistant” and the other is called “HP Support Solutions Framework”. Option 2: Update The next best option is to update the agent to the latest version. The latest update fixes several vulnerabilities discussed except for three local privilege escalation vulnerabilities. There are two ways to update the application, the recommended method is by opening “HP Support Assistant” from the Start menu, click “About” in the top right, and pressing “Check for latest version”. Another method of updating is to install the latest version from HP’s website here: https://www8.hp.com/us/en/campaigns/hpsupportassistant/hpsupport.html https://d4stiny.github.io/Several-Critical-Vulnerabilities-on-most-HP-machines-running-Windows/ I personally would opt for the uninstall option. Link to comment Share on other sites More sharing options...
daniel keith 0 Posted April 5, 2020 Share Posted April 5, 2020 Is it possible to defend with eset exploit blocker? Link to comment Share on other sites More sharing options...
itman 1,748 Posted April 5, 2020 Author Share Posted April 5, 2020 (edited) 3 hours ago, daniel keith said: Is it possible to defend with eset exploit blocker? As far as the not patched local privilege escalation vulnerabilities, I would say the answer is no. As best as I can determine, no official CVE's have been issued for these. Eset's exploit protection protects against CVE recorded vulnerabilities. Ref.: https://www.cvedetails.com/vulnerability-list/vendor_id-10/product_id-33528/HP-Support-Assistant.html Note that the above CVE reference shows 5 vulnerabilities associated with Support Assistant. Three of these show they have been mitigated and two as partially mitigated. I can't however determine if any of these CVE's are directly related to the unmitigated vulnerabilities noted in the original posted article. As far as HP Support Solutions Framework, nothing has been listed since 2015. Ref.: https://www.cvedetails.com/product/31497/HP-Support-Solution-Framework.html?vendor_id=10 Edited April 5, 2020 by itman Link to comment Share on other sites More sharing options...
itman 1,748 Posted April 5, 2020 Author Share Posted April 5, 2020 (edited) One other point about Eset's exploit protection. It is limited in scope in what it protects as noted below. Also in reality, it does not focus on CVE noted vulnerabilities. As such and in regards to application software outside of the scope noted, I would not rely on Eset's exploit protection in regards to application software vulnerabilities. Quote Exploit Blocker Exploit Blocker monitors typically exploitable applications (browsers, document readers, email clients, Flash, Java, and more) and instead of just aiming at particular CVE identifiers it focuses on exploitation techniques. When triggered, the behavior of the process is analyzed and, if it is considered suspicious, the threat may be blocked immediately on the machine. While ESET’s scanning engine covers exploits that appear in malformed document files and Network Attack Protection targets the communication level, the Exploit Blocker technology blocks the exploitation process itself. This technology is under constant development, new methods of detection are added regularly to cover new exploitation techniques. https://www.eset.com/int/about/technology/ Edited April 5, 2020 by itman Link to comment Share on other sites More sharing options...
daniel keith 0 Posted April 6, 2020 Share Posted April 6, 2020 22 hours ago, itman said: Eset의 악용 방지에 대한 또 다른 요점입니다. 아래 명시된대로 보호 범위가 제한됩니다. 또한 실제로는 CVE에서 지적한 취약점에 초점을 맞추지 않습니다. 따라서 언급 된 범위를 벗어난 응용 프로그램 소프트웨어와 관련하여, 응용 프로그램 소프트웨어 취약점과 관련하여 Eset의 악용 방지 기능에 의존하지 않습니다. That's a good explanation. I understood. Link to comment Share on other sites More sharing options...
Recommended Posts