ModZero is warning the issue (CVE-2017-8360) could lead to the leaking of sensitive user information, such as passwords. Anyone with access to the unencrypted file system could recover the data. Furthermore, since the program isn't considered malicious, malware authors wouldn't have trouble capturing victim's keystrokes either. Researchers say the keylogger comes registered as a Microsoft Scheduled Task, so it runs after each user login. While the file is overwritten each time, ModZero says it could easily be recruited by a running process or analyzed by someone with forensic tools.

Researchers surmised the software has been recording keystrokes since version 1.0.0.31 was released, on Christmas Eve 2015, but stress that the same problem exists in the most recent version, 1.0.0.46, released last October.

ModZero also warns the audio driver comes installed on a slew of HP machines, including its EliteBook, Elite x2, ProBook, and ZBook lines, but could exist in other machines. The company also delivers audio drivers for Dell, Lenovo, and Asus machines although at this point it's not certain they feature the same audio driver.

The firm says the following HP products are affected however: