HP Touchpoint Analytics (Telemetry) Execution of Arbitrary Code

Topic

New Reply

A potential security vulnerability has been identified with certain versions of HP Touchpoint Analytics prior to version 4.1.4.2827.
This vulnerability may allow a local attacker with administrative privileges to execute arbitrary code via an HP Touchpoint Analytics system service….

https://support.hp.com/us-en/document/c06463166

Reply | Quote

Replies

HP Touchpoint is part of the HP Support Assistant agent that comes pre-installed with HP PCs. Touchpoint collects data on the working condition of the PC that only shares with HP’s servers if one asks for the Assistant to make a check and produce a report on the PC status. I have this agent in mine turned off, as my machine is now eight years old, so I would have to turn on the agent only if I needed its help in replacing something worn out or broken (with only one such replacement, so far: a new battery appropriate to my PC’s model).

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote