Dell developers will again patch the SupportAssist utility that is preinstalled on most Dell Windows computers. This time, using Dell SupportAssist, it was possible to execute code locally with elevated privileges, and low privileges were required to exploit the vulnerability.

The issue has now been fixed with SupportAssist for Business PC version 2.1.4 and SupportAssist for Home PC version 3.4.1.

The vulnerability identified as CVE-2020-5316 was discovered by researchers at Cyberark. They note that it took Dell about three months to fix this problem, which is pretty good, as the company used to spend five months or more on patch releases.

The detected problem belonged to the hijacking DLL class, that is, it allowed the malicious DLL file to be placed in the system location from where the application ultimately downloaded this malicious file instead of the legitimate component. At this time, Dell SupportAssist tried to load the DLL from a folder that even a user without administrator rights could copy files to.

The problem is that SupportAssist works with SYSTEM privileges, and as a result it can interact with the Dell support site, automatically detect the Service Tag and Express Service Code of the device, scan existing drivers, install missing or available updates, and perform hardware diagnostic tests .

Thus, as a result of exploiting the bug, the attacker was able to execute his malicious code with the rights of NT AUTHORITY \ System.

It is worth noting that this is far from the first problem found and fixed in SupportAssist. For example, last year the utility already fixed a similar vulnerability CVE-2019-12280, and in 2018, another problem , also associated with a local privilege escalation.

Join our WhatsApp group

Twitter:  Rapidsafeguard
Instagram: Rapidsafeguard
Facebook: Theeasyhack
YouTube: Rapidsafeguard
LinkedIn: Rapidsafeguard

LEAVE A REPLY

Please enter your comment!
Please enter your name here