Back in January I mentioned that HP’s Software Update Tool was vulnerable to attacks. That was limited to a support program installed on HP laptops. Now the problem appears to be worse than first thought.
A large number of HP’s printers (both laser and inkjet), scanners, cameras and PCs also include this tool. Version 22.214.171.124 or earlier is vulnerable. The problem has been resolved in the latest update, version 126.96.36.199.
So if you have an HP product on your computer check if HP’s Software Update Tool is installed, and the version number. You might need to upgrade it.
The risk is that a malicious web page can be created that activates some code in HP’s Software Update Tool and it can execute code on your computer. This is OK if you’re allowing HP to update your drivers, but it’s a bad thing if random strangers can do this.
Note that this only affects Windows users.