Laptops coming with bloatware is a huge pain in the arse as it is, but matters get a thousand times worse when that bloat compromises security. It happened to Lenovo more than once, and now it's happened to HP.
Security company Modzero found a keylogger hidden inside Conexant audio driver. As the name suggests that keylogger records keyboard input in a log file. The log isn't being sent anywhere, but if someone knew where to look, and were to access the PC (in person or via a piece of malware), they could access the log file and see everything you've ever written. That includes potentially sensitive information like passwords.
Modzero has a list of the laptops affected, which includes some from the Elitebook, Elite, Zbook, and Probook range. HP has also reacted quickly, and has already released a patch (via Windows Update) for any of the laptops released in 2016. 2015 models will be getting a fix sometime later today.
If your laptop has been affected, make sure to get that update installed pronto!
HP has released a statement reassuring customers that the logger has not given them access to any sensitive data, saying:
HP is committed to the security and privacy of its customers and we are aware of the keylogger issue on select HP PCs. HP has no access to customer data as a result of this issue. Our supplier partner developed software to test audio functionality prior to product launch and it should not have been included in the final shipped version."