HP Inc has pushed out a fix to remove a keystroke logging feature in the audio driver software bundled with HP Inc notebooks that could leak sensitive private and confidential information.
Earlier this month Swiss security vendor ModZero discovered that the MicTray64.exe audio driver and utility coded by HP Inc supplier Conexant recorded all user keystrokes and scancodes, and saved them in a world-readable file in a public Windows directory set up for file sharing.
The data captured by the audio driver included logins and passwords.
Although the company initially refused to contact ModZero about the security issue, HP Inc has now acknowledged the matter and published a security advisory.
"A potential security vulnerability caused by a local debugging capability that was not disabled prior to product launch has been identified with certain versions of Conexant HD audio drivers on HP products. HP has no access to customer data as a result of this issue," HP's product security response team said.
An earlier patch issued by HP on May 14 simply turned off the keylogging feature rather than removing it, ModZero said.
ModZero researcher Thorsten Schröder said this meant the keylogging feature could be re-enabled simply by changing two settings in the Windows Registry configuration database.
As a result, it was relatively easy to repurpose the audio driver to create keylogging spyware, with researcher "DiabloHorn" posting a proof-of-concept article on how to do so.
HP Inc said there are now SoftPaq updates available for the affected notebook computers that contain the keylogging functionality.