Recently, SafeBreach Labs security researchers revealed a privilege escalation vulnerability (CVE-2019-6333) in a pre-installed HP computer, HP Touchpoint Analytics that could allow an attacker to completely take over the system.
It is understood that HP Touchpoint Analytics software mainly collects diagnostic data about hardware performance and transmits the data to Hewlett Packard to help technicians diagnose problems. In order to collect information among various software drivers and other components, the application was whitelisted and given administrator privileges.
The researchers found that when HP Touchpoint Analytics was activated, the app would try to load a DLL file that was lost. The hacker can change the name of the malicious DLL file to the name of the missing file and then automatically execute the malicious file command. Once the intrusion is successful, the hacker can easily escalate his privilege to the SYSTEM level, bypassing various defenses and even taking over the system.
According to SafeBreach, tens of millions of HP computers will be affected because of this vulnerability exists in all older versions of HPTouchpoint Analytics (below 220.127.116.1127). Currently, HP has released the HP Touchpoint Analytics Client version 18.104.22.16827 to fix this vulnerability.