Update: HP Software Update Tool

Back in January I mentioned that HP’s Software Update Tool was vulnerable to attacks. That was limited to a support program installed on HP laptops. Now the problem appears to be worse than first thought.

A large number of HP’s printers (both laser and inkjet), scanners, cameras and PCs also include this tool. Version 4.0.9.2 or earlier is vulnerable. The problem has been resolved in the latest update, version 4.0.10.8.

So if you have an HP product on your computer check if HP’s Software Update Tool is installed, and the version number. You might need to upgrade it.

printerThe risk is that a malicious web page can be created that activates some code in HP’s Software Update Tool and it can execute code on your computer. This is OK if you’re allowing HP to update your drivers, but it’s a bad thing if random strangers can do this.

Note that this only affects Windows users.

  1. The problem is worse than that. The update won’t install on Vista:
    http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1223873

  2. You are right. I have been trying for days to get it to work but it just keeps shuting down the Total Care Advisor. I thought the TCA might be the problem instead of the actual update.

  3. HP Product Detection 4.00.0004

    Download: HP Update 4.0.9.2

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>