Source: news.google.com
HP Support Assistant is a useful software utility provided by HP for users to download and install necessary firmware and software, check performance-related metrics, run some basic troubleshooting, and more. However, the tech giant warned that it found a security vulnerability in the application that could lead to privilege escalation using the DLL hijacking method. HP has assigned a severity rating of High for the new flaw with a CVSS v3.1 base score of 8.2.
Specifically, the problem lies in the Performance Tune-up diagnostic tool. In its security bulletin, HP explains the problem:
Increased privileges in HP Support Assistant
HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. HP Support Assistant uses Fusion to launch HP Performance Tune-up. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.
HP has also listed vulnerable software versions to avoid:
HP PC owners are therefore advised to download and install HP Support Assistant version 9.11 from the company’s official website.