HP has announced a series of security updates for its HPScan software, which it says could potentially be exploited by cybercriminals.
The company’s security updates will be distributed over the next three weeks, but the company says the updates will also be available to customers who are already running HPScan.
The new updates, announced today, are available to anyone who has purchased HPScan or is using HPScan for payroll, business and personal, or any version of HPScan that was purchased.
HP says customers will also get updates to the HPScan client software.
The updates are designed to mitigate the vulnerabilities outlined in a security advisory.
The security advisory, published today, also highlights a number of potential exploits for the vulnerability, which was discovered by HP employees who had access to the company’s internal security network.
“The vulnerability can be exploited to gain remote code execution and read/write access to system memory via a crafted payload,” HP says.
“An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the current user, or remotely execute code on the system via the HTTP protocol.”
A security advisory published on Tuesday by security firm Errata Security lists three ways an attacker could exploit the vulnerability.
“First, an attacker would need to gain administrative access to an affected system via a user account with administrative rights.
The second is via a web-based exploit.
The third is via phishing.”
The first two exploits are fairly simple, but both rely on the user account being logged on.
“Third-party software that has not been patched yet is a likely candidate for the first attack vector,” the advisory warns.
The latest updates to HPScan also include a fix for a critical issue with the company-sponsored Windows desktop client.
HP has already released patches for several of the vulnerabilities it said could be exploited.
“HP has been actively working with the Office Product Security team to resolve these issues, and we continue to offer a patch release for these vulnerabilities as part of the Office 365 security update,” the company said in a statement.
This story was updated on February 16 at 9:57am to include information about the latest security update to HPScan.