Information security specialist Michael Ming (ZwClose) reported a potential vulnerability in almost 500 models of HP notebooks. The Synaptics touchpad driver was found to contain a hidden function that tracks all keystrokes on the keyboard. This keylogger is disabled by default, but an attacker who gains access to the system can activate it, bypassing UAC protection, by changing only a few keys in the Windows registry.
Michael Ming reported his discovery to HP, and the company urgently patched the security hole. The keylogger in the SynTP.sys file was intended for testing and debugging. Apparently, the developers forgot to remove it from the code of the final version. The HP website has already published a full list of vulnerable laptops, starting with the 2012 model year. The corrected driver can be downloaded there (installation via Windows Update will also work).
Perhaps not only HP
The HP website reports that the affected driver was distributed to all Synaptics OEM partners. It is possible that the vulnerability affects laptops from other manufacturers, although so far there has been no confirmation of this.
Earlier, in the spring of 2017, experts found a keylogger in the Conexant audio driver on HP portable computers. That program saved information about keystrokes in a local file that anyone could read.