Dell has patched a high-severity flaw in its SupportAssist software that could allow an attacker to execute arbitrary code with administrator privileges on affected computers.
The flaw, an uncontrolled search path vulnerability tracked as CVE-2020-5316, could allow a locally authenticated user with low privileges to “cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code,” Dell wrote in its description of the bug.
The latest bug, discovered by CyberArk security researcher Eran Shimony, who notified Dell, affects both business and home users of Dell systems. According to Dell, the vulnerability exists in SupportAssist for business PCs version 2.1.3 or older and in SupportAssist for home PCs version 3.4 or older.
“All versions of SupportAssist automatically upgrade to the latest version available if automatic upgrades are enabled. Customers can check which version they are running and upgrade to a newer version of SupportAssist if available,” Dell said. Customers can check the version from within the program itself and can also follow Dell's steps to upgrade the software manually.
SupportAssist is “smart” software that Dell designed to alert the company to any hardware or software problems on a customer's machine that may need to be resolved, according to the company.
“SupportAssist proactively checks the health of your system's hardware and software,” the company said in its description of the software. “When an issue is detected, the necessary system state information is sent to Dell for troubleshooting to begin.”
The latest flaw has a CVSSv3 base score of 7.8, but it is potentially most dangerous because of how many machines it affects: according to Dell, SupportAssist comes preinstalled on most new Dell devices running Windows.
Moreover, it's probably not a one-of-a-kind problem, which means similar vulnerabilities likely exist across numerous systems but remain undetected, said Roger Grimes, data-driven defense evangelist at KnowBe4.
“This problem and others like it are a lot more widespread than just Dell alone,” he said in an e-mail to Threatpost. “It's probably one of the most common underreported vulnerabilities and likely exists across tens of thousands if not hundreds of thousands of different, unrelated programs impacting many tens of millions of computers.”
The reason is that DLL vulnerabilities, while common, are not standalone problems, Grimes said. In addition to the type of vulnerability recently found in SupportAssist, another DLL problem, “where a local executable file or DLL could be overwritten by any user,” often exists as well, he said.
Moreover, these flaws also involve other parts of a computer system, Grimes said. “The key was, besides finding one of these two flaws, you had to find a program that relied on an executable or DLL that was running in an elevated context, like SYSTEM,” he said. “It's not that hard to find these two things existing together at the same time.”
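As an added example (not from the article, Dell or Grimes), the following PowerShell audit looks for the pairing Grimes describes on a Windows host: a service running as LocalSystem whose executable, or the directory holding it, grants write access to low-privileged groups. It assumes an elevated PowerShell prompt and uses only built-in cmdlets.

```powershell
# Added audit script: flags services running as SYSTEM whose binary, or the
# directory beside it, is writable by Everyone, Authenticated Users or Users.
# Either condition is a hardening gap of the kind described in the article.

$LowPrivSids = @(
    'S-1-1-0',      # Everyone
    'S-1-5-11',     # Authenticated Users
    'S-1-5-32-545'  # BUILTIN\Users
)
$WriteRights = [int][System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl'

function Test-LowPrivWritable {
    param([string]$Path)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return $false }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $null
        try { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value } catch {}
        if (($LowPrivSids -contains $sid) -and (([int]$ace.FileSystemRights -band $WriteRights) -ne 0)) {
            return $true
        }
    }
    return $false
}

# Services running as LocalSystem: the "elevated context" half of the pair.
$systemServices = Get-CimInstance Win32_Service |
    Where-Object { $_.StartName -eq 'LocalSystem' -and $_.PathName }

foreach ($svc in $systemServices) {
    # PathName may be quoted and carry arguments; recover just the executable.
    if ($svc.PathName -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($svc.PathName -split ' -| /')[0] }
    $dir = Split-Path -Path $exe -Parent
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }

    # Writable directory: a DLL could be planted next to the binary.
    # Writable executable: the binary itself could be replaced.
    $dirWritable = Test-LowPrivWritable $dir
    $exeWritable = Test-LowPrivWritable $exe
    if ($dirWritable -or $exeWritable) {
        [pscustomobject]@{
            Service     = $svc.Name
            Executable  = $exe
            DirWritable = $dirWritable
            ExeWritable = $exeWritable
        }
    }
}
```

Any row the script emits should be fixed by tightening the ACL on the listed path so that only administrators and SYSTEM can write to it.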
These vulnerabilities remain largely unreported because security researchers aren't particularly interested in them, he said. Neither are hackers, because “they can't be easily exploited at scale,” Grimes said.
“These days it's all about remotely executing code or client-side exploits where you trick an end-user into doing something they shouldn't,” he said.
However, “for penetration testers who have local access and are looking for privilege escalation exploits,” vulnerabilities like the one recently found in SupportAssist “really aren't that hard to find,” he noted.