The software HP Touchpoint Analytics, which is preinstalled on many HP computers with Windows, uses the open-source hardware analysis library Open Hardware Monitor. A vulnerability discovered there (CVE-2019-6333) can be used by attackers who already have access to a system to gain system privileges and execute malicious code. HP has now released a security update for Touchpoint Analytics to fill this gap. The vulnerability could, among other things, cause malicious code running on the system to widen its rights and circumvent anti-virus software. For example, if an attacker succeeds in getting a trojan past the AV software onto the system and tempts the user under an excuse to execute it, he could use this gap to take over the system. This is particularly critical because many HP customers will not even realize that HP Touchpoint Analytics is installed on their system and running in the background.
The gap is an error in the Open Hardware Monitor when loading system libraries (DLLs). An attacker could take advantage of the bug to bring a malicious DLL to the system and load it instead of a legitimate DLL. Since no signature check takes place here, arbitrary code can be introduced and executed with system rights. The vulnerability was discovered by security researchers from SafeBreach. Owners of HP systems on which Touchpoint Analytics is installed should ensure that the software has been updated to at least version 220.127.116.1127 – this release addresses the vulnerability. Even users who have installed the Open Hardware Monitor themselves, whether on HP systems or Windows machines from other manufacturers, should make sure that the latest version of this software is installed.