Hackers would need physical access to your computer to activate the keylogger.
Myng was in the process of inspecting the company's Synaptics Touchpad software to figure out how to control the backlight on his own HP laptop when he first discovered the keylogger. Many older Compaq models are on the list as well.
After consulting with HP he learned the keylogger is present within a huge range of Envy, Elitebook, Pavillion and ProBook laptops, dating all the way back to 2012. Customers can download the updated driver from HP's website.
The security researcher, nicknamed ZwClose, found the bug when they were investigating the driver for ways that it can be used to adjust keyboard lighting.
While it seems that the code's inclusion was accidental, it's still not a good look for HP, given that the manufacturer was found earlier this year to be using Conexant audio drivers that also contained a keylogger.
New Zealand wrap up Windies series with 240-run win
For the second time in two matches, the West Indies batsmen got himself out by hitting the wicket. The West Indies were in trouble at 30 for two by stumps with two full days of play remaining.
After messaging HP, the company replied to Myng and confirmed the keylogger, which he noted was actually a debug trace.
HP notes in an advisory the "potential security vulnerability" stems from certain versions of Synaptics touchpad drivers.
Before the issue was publicly disclosed, HP owned up to the mistake of leaving this tool inside of its laptops, and on November 7 posted device-specific patches for most of the models affected, which can be downloaded here.
HP said neither it nor Synaptics "has access to customer data as a result of this issue". Now, it appears there's yet another keylogger embedded in a piece of HP software. It also affected numerous models, including HP EliteBooks, ProBooks, and ZBooks.
The company issued a software update removing the keylogger, which is available from HP or through Windows Update.