HP has released a software update for its laptop models to fix a vulnerability that allows an attacker to turn a debugging code into a keylogger.
HP has released a software update for its laptop models to fix a vulnerability that allows an attacker to turn a debugging code into a keylogger.According to HP, more than 475 models are affected by the potential security vulnerability.Michael Myng, a security researcher who discovered the flaw, said that keylogger was disabled by default, but the attacker could enable it by setting a registry value.The debugging code which can be turned into keylogger was found in the Synaptics Touchpad SynTP.sys file.HP has confirmed the flaw and said that “A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue”.The keylogger saves the scan code into a WPP trace which is a technique used by developers to debug code.Myng said by changing the value in the windows registry he was able to enable to keylogging feature.
You may be interested in reading: India Government Listed 42 Chinese Apps as Spyware and Instructs to Remove themHow to check whether your device is affected or not
- In your HP laptop go to C:WindowsSystem32drivers folder
- Open properties of SynTP.sys driver
- In properties click details
- In details check the product version if it is 19.3.11.37 16Aug16 then your device is installed with driver containing keylogger feature
- Immediately download the latest driver software for your device from HP support page
Read more on: New Targeted Attack in Middle East By Exploiting CVE-2017-11882 Microsoft Vulnerability