Back in January I mentioned that HP’s Software Update Tool was vulnerable to attacks. That was limited to a support program installed on HP laptops. Now the problem appears to be worse than first thought.
A large number of HP’s printers (both laser and inkjet), scanners, cameras and PCs also include this tool. Version 126.96.36.199 or earlier is vulnerable. The problem has been resolved in the latest update, version 188.8.131.52.
So if you have an HP product on your computer check if HP’s Software Update Tool is installed, and the version number. You might need to upgrade it.
The risk is that a malicious web page can be created that activates some code in HP’s Software Update Tool and it can execute code on your computer. This is OK if you’re allowing HP to update your drivers, but it’s a bad thing if random strangers can do this.
Note that this only affects Windows users.
3 thoughts on “Update: HP Software Update Tool”
The problem is worse than that. The update won’t install on Vista:
You are right. I have been trying for days to get it to work but it just keeps shuting down the Total Care Advisor. I thought the TCA might be the problem instead of the actual update.
HP Product Detection 4.00.0004
Download: HP Update 184.108.40.206