HP Keylogger Discovered Again

How many of your devices are affected?

A security researcher, Twitter name ZwClose, has uncovered that 460 models of HP devices come with pre-installed keyloggers. Embedded in the SynTP.sys file, attackers could navigate around User Account Control and activate this keylogger.

This is the second time this year that a built-in keylogger was discovered on HP devices. In May, it was revealed that an HP audio driver was storing a log of the user’s keystrokes.In a security bulletin, HP sought to ease the fears of their owners. “A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue.” You can read more about the vulnerability and see a full list of effected device models.

Even though the keylogger is disabled by default, HP has released a driver update that should eliminate the issue. If you have any HP devices within your environment, you’ll want to update them immediately.

Take Action

With an IT management solution like Syxsense, it’s easy to see how many HP devices you have. You can run a scan to view every device with an IP address in your environment. Then a query can be created to view all HP models that are affected by the keylogger. Obtain the update from HP and upload it into the CMS console.

You can then take that query of HP devices and target it to rapidly deploy the update to any vulnerable endpoints. In no time at all, you’ll have detected, scanned, and patched all vulnerable HP devices.

Start a Free Trial

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.