LPE Flaw In HP Touchpoint Analytics Threatened Numerous HP Devices

Heads up HP users! Your HP PC may have been exposed to a cybersecurity threat. Researchers have found a serious flaw affecting the HP Touchpoint Analytics software. Upon exploit, the vulnerability could allow an attacker to execute arbitrary code on the device with elevated privileges.

HP Touchpoint Analytics Flaw

A serious vulnerability has risked the security of most HP PCs. Researchers from SafeBreach Labs have found a security flaw in HP Touchpoint Analytics that allows hacking devices. The vulnerability allowed an adversary to elevate user privileges on the target device and execute arbitrary codes.

Specifically, they found a local privilege escalation vulnerability in the Open Hardware Monitor, a component used by HP’s monitoring program Touchpoint Analytics. Since this program is pre-installed in most Windows devices and runs with NT AUTHORITYSYSTEM permissions, a potential attacker could exploit the flaw to gain SYSTEM privileges.

Abusing this vulnerability could also allow an adversary to bypass app whitelisting and signature validation as well as evade security checks.

Patch Rolled Out – Update Now!

Upon discovering the flaw, the researchers reported the matter to HP, following which, the vendors released a fix. As stated in their advisory, the vulnerability CVE-2019-6333, affected HP Touchpoint Analytics software versions earlier than 4.1.4.2827. Users must ensure that their devices run this software version 4.1.4.2827 or more.

They have also given detailed procedures in their advisory for the users to check the software status on their devices.

Touchpoint Analytics is a pre-installed program on most Windows devices, including those running on Windows 10. According to HP, the program supposedly provides better support features by anonymously gathering device data.

While that sounds harmless, numerous users have complained about the program to result in high CPU usage. Some even suspected the software to be some ‘spyware’, to which, HP clarified its function. Nonetheless, many users also preferred to uninstall the program.

The following two tabs change content below.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Related