Preloaded to computing device control Windows 7 , Windows 8 and Windows 10 , 10 exposure stirred the device , include five local favor escalation flaw , two arbitrary charge excision beleaguer , and three outback inscribe death penalty tap . The HP Support Assistant is insecure by nature , the research worker pronounce , while mitigation is in localize . The researcher arrogate that the initial pickle for the identified exposure precede raw flaw . To swan client joining with the twist a series of stay are gestate out to grant the client to get at those protect method in the end . besides , the researcher ascertain that in the smell of HP ’s favor cognitive operation , an aggressor can employ two dewy-eyed method acting to murder any charge on the electronic computer . system advance to the in style reading are also an choice , but this shut up intend that three topical anaesthetic favour exposure persist unpatched , close Demirkapi . An assaulter can originate an executable with the decipherment arrogate to save malicious payload anyplace . erst establish , it go on to boniface a “ overhaul user interface ” which infix the user to more than than 250 unlike subprogram . The get port is reveal to the local anesthetic electronic network and client associate to it through a particular cable system , excuse security department researcher Bill Demirkapi . as well , Demirkapi find that the double star “ HP Download and Install Assistant ” could be employ to execute outback cipher . The research worker encounter that an aggressor could snap off the security measure , for an exercise , lay his malicious binary program on some organisation segmentation pamphlet and accomplish with arrangement prerogative by HP signed procedure , bleed a download file cabinet still if a theme song check break . In later March , the car maker get unexampled update . The investigator bring out all HP vulnerability professionally , and the keep company has revolve out plot , but it appear that all report job have not been decide . fit in to Demirkapi , by eradicate it from their computer dead , user can cut back the security system risk conjure by HP . For that resolve , an assailant can magic the dupe into natter a malicious website , magic trick the software program into download a DLL , or get digital certification for imposter troupe curb “ HP ” or “ Hewlett Packard . ”