Several cloud computing security specialists and users have always pointed out the multiple issues related to software pre-installed on technology devices. Recent research has revealed various security flaws in software preinstalled on HP computer computers running Windows operating system.
The tool identified in the research is HP Support Assistant, responsible for device health monitoring and driver automation. Specialists claim that this tool contains ten serious security vulnerabilities, including two critical arbitrary file removal flaws, five local privilege escalation flaws, and three remote code execution errors.
Specialists note that this software is preloaded on all Windows 10 devices, as well as some Windows 8 and Windows 7 systems. Other manufacturers, such as Dell and Lenovo, use similar software, a practice known as “bloatware”.
HP iteration allows users to verify the most critical software and driver updates, as well as provide diagnostic tools that can address some hardware and software issues. However, cloud computing security service specialists point out that unlike other software tools, these applications do not have an adequate level of security, which could lead to multiple security drawbacks.
After the flaws were revealed, HP began working on the corresponding updates, although three un-updated vulnerabilities remain. The security risk remains dormant, as these flaws could allow threat actors to achieve high privileges on an affected system.
Although missing updates had been announced by the end of March, the coronavirus emergence has delayed some of HP’s projects. Faced with this situation, cloud computing security service specialists recommend uninstalling this tool to mitigate the risk of exploitation until the company releases the security patches.
The International Institute of Cyber Security (IICS) also recommends upgrading this software to the latest available version, which already has at least six fixed vulnerabilities. More information about fixed vulnerabilities and bugs that are still to be fixed is available on the company’s official platforms.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.