Yesterday, Swiss cybersecurity company modzero AG reported that they had discovered a keylogger on a laptop produced by Hewlett-Packard. The keylogger was found in an audio driver package digitally signed by the audio chip manufacturer Conexant. HP reacted immediately and released a fix for the issue in the form of a driver update, available both through Windows Update and at hp.com. The reason for the error was that the feature mistakenly made it into production code.
According to the findings, the keylogger captured all of the user’s keystrokes and saved them to a local log file in plain text. More technical details and a list of affected hardware product models are available in modzero’s Security Advisory.
What should I do?
It is recommended that you update your systems with the HP-issued updated driver version immediately. The update will also remove any remaining log files from your computers.
You can find possibly affected systems by checking whether they contain the file C:\Windows\System32\MicTray.exe or MicTray64.exe.
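The file check described above, as an added PowerShell example (not part of the original article and not HP's or Miradore's tooling). It looks for the two file names in System32 and reports the file version and Authenticode signer so the result can be compared against HP's updated driver; the output fields and the exit-code convention are assumptions of this example.

```powershell
# Added example: local check for the two file names the article lists.
# File names and the System32 location come from the article; the output
# fields and exit codes are assumptions made for this example.

# A 32-bit PowerShell on 64-bit Windows is silently redirected from
# System32 to SysWOW64, so use the Sysnative alias in that case.
$sysDir = Join-Path $env:windir 'System32'
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    $sysDir = Join-Path $env:windir 'Sysnative'
}

$findings = foreach ($name in 'MicTray.exe', 'MicTray64.exe') {
    $path = Join-Path $sysDir $name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

    $file   = Get-Item -LiteralPath $path
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Path          = $path
        FileVersion   = $file.VersionInfo.FileVersion   # compare with HP's updated driver
        LastWriteTime = $file.LastWriteTime
        SignatureOk   = ($sig.Status -eq 'Valid')
        Signer        = $signer
        Running       = [bool](Get-Process -Name $file.BaseName -ErrorAction SilentlyContinue)
    }
}

if ($findings) {
    $findings | Format-List
    exit 1    # non-zero: file present, host needs review
}

Write-Output ('{0}: MicTray.exe / MicTray64.exe not found in {1}' -f $env:COMPUTERNAME, $sysDir)
exit 0
```

The presence of the file only marks a system as possibly affected, as the article says; the reported file version is what distinguishes an updated driver from an old one.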
Additional tip for Miradore customers
If you’re a Miradore customer using our IT Systems Management solution, you can easily find affected computers in your organization by analyzing the software and file inventories gathered with Miradore Management Suite.
Picture 1: You can, for example, search in the File scan view with the “file name = MicTray” filter to see how many computers are affected in your environment. The affected files are MicTray.exe and MicTray64.exe by Conexant.
If you go on and click on the file name in the view, you’ll get to the File scan result item, where you can see a detailed list of the devices with the file or program installed (picture 2).
You can easily install the new drivers using a Miradore package. On top of that, you can also create an automation task which distributes the package automatically if additional affected devices are found by Miradore during upcoming inventory scans.