HP has once again been forced to issue an emergency patch for its laptops after a driver-level keylogger was discovered by a security researcher. Michael Myng, aka "ZwClose," found the code in the Synaptics Touchpad SynTP.sys keyboard driver, which is used in virtually all HP laptops, while he was trying to find a way of adjusting the backlighting.
Although the keylogger is turned off by default, it can be enabled by changing registry values, which makes it a target for malware such as Remote Access Trojans (RATs).
HP said the "potential security vulnerability" is found in more than 460 of its laptop models, including those in the EliteBook, ProBook, Pavilion and Envy lines. The company has released a full list of affected devices, some of which date back to 2012.
"A potential security vulnerability has been identified with certain versions of Synaptics touchpad drivers that impacts all Synaptics OEM partners. A party would need administrative privileges in order to take advantage of the vulnerability. Neither Synaptics nor HP has access to customer data as a result of this issue," wrote HP, which said the keylogger was actually a debug trace.
ZwClose says that a fix will also be issued as part of a Windows Update.
Back in May, HP had to release a fix for another keylogger, this one buried in the Conexant HD audio driver and discovered by Swiss firm modzero. HP had been distributing it since at least Christmas 2015. The company said the code had been mistakenly added to the software.