The software in question is ironically the HP Support Assistant, which is supposed to users with firmware and driver updates. The software had a number of vulnerabilities identified all the way back in October of last year and to date, HP has been unable to patch all of them (via TechRadar).
Best laptops in 2020Best laptop bags in 2020Dell XPS 13 (2020) review
The remaining vulnerabilities
Out of ten original vulnerabilities that were identified by security researchers in October 2019, HP has managed to address seven of them with a couple of software updates. Critically, this included three vulnerabilities that could be executed remotely. Those that remain are local privilege escalation vulnerabilities. With the proper malware, these flaws could be utilized to elevate permissions following an exploit which would, in turn, allow them to dig deeper on the already-compromised computer. According to Bill Demirkapi, the security researcher who uncovered the flaws, “It is important to note that because HP has not patched three local privilege escalation vulnerabilities, even if you have the latest version of the software, you are still vulnerable unless you completely remove the agent from your machine.”
What you should do
HP has been unable to fix the problem with patches or updates, but there is a solution to the problem to keep your system safe: remove HP Support Assistant and HP Support Solutions Framework entirely until HP is able to patch the problem. Fortunately, this is a simple enough task:
Go to SettingsSelect Apps and then Apps & featuresSelect HP Support Assistant from the listClick Uninstall and then confirm Yes in the dialog boxRepeat for HP Support Solutions FrameworkRestart your computer
