PT-2022-4714 · Hewlett Packard · Hp Performance Tune-Up

Published 2022-09-06 · Updated 2022-12-15 · CVE-2022-38395

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

HP Support Assistant version 9

Description

The issue is related to a DLL hijacking vulnerability in HP Support Assistant, which uses HP Performance Tune-up as a diagnostic tool. This vulnerability can be exploited by an attacker to elevate privileges when Fusion launches the HP Performance Tune-up. The exploitation is possible if the attacker has already gained initial access to the vulnerable system.

Recommendations

For HP Support Assistant version 9, update to the latest version through the Microsoft Store. As a temporary workaround, consider disabling the HP Performance Tune-up tool until a patch is available. Restrict access to the Fusion module to minimize the risk of exploitation.

Fix

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

BDU:2022-05605
CVE-2022-38395

Affected Products

Hp Performance Tune-Up
Hp Support Assistant