LPE Flaw In HP Touchpoint Analytics Threatened Numerous HP Devices

in escalatewindowsprivilege •  5 years ago 


Heads up HP users! Your HP PC may have been exposed to a cybersecurity threat. Researchers have found a serious flaw affecting the HP Touchpoint Analytics software. Upon exploit, the vulnerability could allow an attacker to execute arbitrary code on the device with elevated privileges.

HP Touchpoint Analytics Flaw


A serious vulnerability has risked the security of most HP PCs. Researchers from SafeBreach Labs have found a security flaw in HP Touchpoint Analytics that allows hacking devices. The vulnerability allowed an adversary to elevate user privileges on the target device and execute arbitrary codes.

Specifically, they found a local privilege escalation vulnerability in the Open Hardware Monitor, a component used by HP’s monitoring program Touchpoint Analytics. Since this program is pre-installed in most Windows devices and runs with NT AUTHORITY\SYSTEM permissions, a potential attacker could exploit the flaw to gain SYSTEM privileges.

Abusing this vulnerability could also allow an adversary to bypass app whitelisting and signature validation as well as evade security checks.

Patch Rolled Out – Update Now!


Upon discovering the flaw, the researchers reported the matter to HP, following which, the vendors released a fix. As stated in their advisory, the vulnerability CVE-2019-6333, affected HP Touchpoint Analytics software versions earlier than 4.1.4.2827. Users must ensure that their devices run this software version 4.1.4.2827 or more.

They have also given detailed procedures in their advisory for the users to check the software status on their devices.

Touchpoint Analytics is a pre-installed program on most Windows devices, including those running on Windows 10. According to HP, the program supposedly provides better support features by anonymously gathering device data.

While that sounds harmless, numerous users have complained about the program to result in high CPU usage. Some even suspected the software to be some ‘spyware’, to which, HP clarified its function. Nonetheless, many users also preferred to uninstall the program.

Posted from my blog with SteemPress : https://latesthackingnews.com/2019/10/11/lpe-flaw-in-hp-touchpoint-analytics-threatened-numerous-hp-devices/

escalatewindowsprivilege hp hpfirmwarevulnerability hplaptop hppc
5 years ago by

Downvoting a post can decrease pending rewards and make it less visible. Common reasons:

  • Disagreement on rewards
  • Fraud or plagiarism
  • Hate speech or trolling
  • Miscategorized content or spam

Submit
$0.00
    2 votes
    1
    Authors get paid when people like you upvote their post.
    If you enjoyed what you read here, create your account today and start earning FREE STEEM!
    Sort Order:  
  • Trending
    • [-]
      ·  5 years ago 

    Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
    https://latesthackingnews.com/2019/10/11/lpe-flaw-in-hp-touchpoint-analytics-threatened-numerous-hp-devices/

    Downvoting a post can decrease pending rewards and make it less visible. Common reasons:

    • Disagreement on rewards
    • Fraud or plagiarism
    • Hate speech or trolling
    • Miscategorized content or spam

    Submit
    $0.00