Some HP laptops are vulnerable because of a now publicly known bug that amounts to an enormous security failure:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8360
In simple terms, the Conexant sound driver on these machines records every keystroke in a text file named MicTray.log.
This file contains all the keystrokes that the user typed. Reading it only requires translating the key codes back into keys. The codes that match the keys are listed here:
https://msdn.microsoft.com/fr-fr/library/windows/desktop/dd375731(v=vs.85).aspx
Here are the affected laptops:
- HP EliteBook 820 G3 Notebook PC
- HP EliteBook 828 G3 Notebook PC
- HP EliteBook 840 G3 Notebook PC
- HP EliteBook 848 G3 Notebook PC
- HP EliteBook 850 G3 Notebook PC
- HP ProBook 640 G2 Notebook PC
- HP ProBook 650 G2 Notebook PC
- HP ProBook 645 G2 Notebook PC
- HP ProBook 655 G2 Notebook PC
- HP ProBook 450 G3 Notebook PC
- HP ProBook 430 G3 Notebook PC
- HP ProBook 440 G3 Notebook PC
- HP ProBook 446 G3 Notebook PC
- HP ProBook 470 G3 Notebook PC
- HP ProBook 455 G3 Notebook PC
- HP EliteBook 725 G3 Notebook PC
- HP EliteBook 745 G3 Notebook PC
- HP EliteBook 755 G3 Notebook PC
- HP EliteBook 1030 G1 Notebook PC
- HP ZBook 15u G3 Mobile Workstation
- HP Elite x2 1012 G1 Tablet
- HP Elite x2 1012 G1 with Travel Keyboard
- HP Elite x2 1012 G1 Advanced Keyboard
- HP EliteBook Folio 1040 G3 Notebook PC
- HP ZBook 17 G3 Mobile Workstation
- HP ZBook 15 G3 Mobile Workstation
- HP ZBook Studio G3 Mobile Workstation
- HP EliteBook Folio G1 Notebook PC
All this to say that taking advantage of this bug is as easy as it is dangerous.
HP has made a new hotfix available: SP80323.exe
If your laptop appears in this list, please urgently update it!
Another option is to delete the executable, the log and any kind of automatic launch so that the logging can no longer happen. To do so, delete MicTray.exe or MicTray64.exe and MicTray.xml or MicTray64.xml (both can be found under System32), delete the log in the Public directory, and restart the machine!
The following link points to a PowerShell script that cleans the system:
https://github.com/jolegape/RemoveConexantKeylogger/blob/master/Remove_Conexant_Keylogger.ps1
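The manual clean-up described above, as an added PowerShell example (not the linked script, and not HP's or the author's code). It assumes the files sit directly in %WINDIR%\System32 and %PUBLIC%, and it treats scheduled tasks and HKLM Run values as the automatic-launch entries, which the text does not spell out.

```powershell
# Added example (not the linked script): report, and with -Remove delete, the MicTray artefacts.
# Assumption: the files sit directly in %WINDIR%\System32 and %PUBLIC%, as the text states.
# Run from an elevated prompt; without -Remove nothing is changed.
[CmdletBinding()]
param([switch]$Remove)

$sys32 = Join-Path $env:WINDIR 'System32'
$paths = @('MicTray.exe', 'MicTray64.exe', 'MicTray.xml', 'MicTray64.xml' |
             ForEach-Object { Join-Path $sys32 $_ }) + (Join-Path $env:PUBLIC 'MicTray.log')

# Files present on disk
$files = @($paths | Where-Object { Test-Path -LiteralPath $_ } |
             ForEach-Object { Get-Item -LiteralPath $_ -Force })

# Running instances of the tray application
$procs = @(Get-Process -Name 'MicTray', 'MicTray64' -ErrorAction SilentlyContinue)

# Scheduled tasks whose action starts a MicTray binary (assumed form of automatic launch)
$tasks = @(Get-ScheduledTask -ErrorAction SilentlyContinue |
             Where-Object { $_.Actions | Where-Object { $_.Execute -match 'MicTray' } })

# Run-key values that reference MicTray (assumed second form of automatic launch)
$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValues = @((Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue).PSObject.Properties |
                 Where-Object { $_.Name -notlike 'PS*' -and $_.Value -match 'MicTray' })

# Report what was found
$files     | ForEach-Object { "FILE    $($_.FullName)  $($_.Length) bytes  last written $($_.LastWriteTime)" }
$procs     | ForEach-Object { "PROCESS $($_.Name)  PID $($_.Id)" }
$tasks     | ForEach-Object { "TASK    $($_.TaskPath)$($_.TaskName)" }
$runValues | ForEach-Object { "RUNKEY  $($_.Name) = $($_.Value)" }
if (-not ($files.Count + $procs.Count + $tasks.Count + $runValues.Count)) { 'No MicTray artefacts found.' }

if ($Remove) {
    $procs     | Stop-Process -Force                          # release file locks first
    $tasks     | Unregister-ScheduledTask -Confirm:$false
    $runValues | ForEach-Object { Remove-ItemProperty -Path $runKey -Name $_.Name }
    $files     | Remove-Item -Force
    'Removed. Restart the machine to finish.'
}
```

Run it once without -Remove to review the findings; a non-empty MicTray.log means recorded keystrokes are still on disk.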
Have a blast with this patch,
Security first!
@RioJoubert