Critical Vulnerability in Dell SupportAssist (Feb. 2020)

[German] Dell SupportAssist, which ships preinstalled on Dell's Windows systems, contains a serious vulnerability in older versions that allows the execution of arbitrary code with administrative privileges.

German blog reader Ralf Lindemann already pointed to the warning about the Dell SupportAssist vulnerability in a comment yesterday (thanks for that).

There is (once again) a serious vulnerability in Dell SupportAssist, which "allows the execution of arbitrary program code with administrator rights".

Dell has issued security advisory DSA-2020-005 (Dell SupportAssist Client Uncontrolled Search Path Vulnerability, CVE-2020-5316), which affects the following products:

# Dell SupportAssist for business PCs, Version 2.1.3 or earlier
# Dell SupportAssist for home PCs, Version 3.4 or earlier

It is a DLL hijacking (uncontrolled search path) vulnerability: a locally authenticated, low-privileged user can cause the SupportAssist binaries to load an arbitrary DLL from a location on their search path. Since Dell SupportAssist runs with administrative privileges, the attacker's DLL then executes with those privileges, i.e. the bug is a local privilege escalation, not a remote one.
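The precondition for this class of bug is a directory on the DLL search path that a low-privileged user can write to. The following PowerShell script is an added example (it is not from the blog post, Dell's advisory, or any Dell tool): it walks the machine-wide PATH, plus any extra directories you pass in (for instance the application's own install folder, which is searched first), and reports entries that Everyone, Authenticated Users or BUILTIN\Users are allowed to write to. The SID list, the write-rights mask and the optional extra directories are assumptions made for the example.

```powershell
# Added example, not from Dell or the blog post: find directories on the DLL/PATH
# search path that low-privileged accounts can write to. Such a directory is what
# lets a local user plant a DLL for a privileged process to load (CVE-2020-5316 class).

function Get-WritableSearchPathDirs {
    param(
        # Extra directories to inspect, e.g. the application install folder
        # (assumption: the caller knows that path; it is not hard-coded here).
        [string[]]$ExtraDirs = @()
    )

    # Well-known SIDs that every local, non-admin interactive user holds.
    $lowPrivSids = @(
        'S-1-1-0',      # Everyone
        'S-1-5-11',     # Authenticated Users
        'S-1-5-32-545'  # BUILTIN\Users
    )

    # Any of these bits lets the principal create/replace files in the directory
    # or rewrite the ACL to grant itself that right.
    $writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteDAC, WriteOwner'

    $dirs = @(([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';') + $ExtraDirs) |
        Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) } |
        Select-Object -Unique

    foreach ($dir in $dirs) {
        $acl = Get-Acl -LiteralPath $dir
        foreach ($rule in $acl.Access) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            try {
                $sid = $rule.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }   # orphaned or untranslatable identity
            if ($lowPrivSids -notcontains $sid) { continue }
            if (($rule.FileSystemRights -band $writeMask) -eq 0) { continue }

            [pscustomobject]@{
                Directory = $dir
                Principal = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
            }
        }
    }
}

# Usage: no output means no low-privileged write access was found on the PATH.
Get-WritableSearchPathDirs | Format-Table -AutoSize
```

Two caveats: the script only evaluates Allow entries, so a matching Deny ACE on the same directory would still block the write, and a clean PATH does not prove the bug is unexploitable, because the loader searches the application directory and the current working directory before PATH. Run it with the application's install folder in `-ExtraDirs` to cover the first of those.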

Dell writes that Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs have been updated to address an uncontrolled search path vulnerability.

All versions of SupportAssist are automatically upgraded to the latest available version if automatic upgrades are enabled. Customers can check which version they are running and upgrade to a newer version of SupportAssist if available.

To perform a manual update, open SupportAssist. In the upper right corner of the SupportAssist window, click the "Settings" icon and then click "About SupportAssist". SupportAssist automatically checks if a newer version of SupportAssist is available.

It is strongly recommended to upgrade to version 2.1.4 (business PCs) or 3.4.1 (home PCs). Unfortunately, this case once again shows what kind of crapware OEMs install on their PCs, allegedly for the customers' benefit, and which then opens up vulnerabilities.
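For checking a fleet rather than clicking through the About dialog on each machine, the following PowerShell script is an added example (not from Dell or the blog post): it reads the installed SupportAssist version from the Windows uninstall registry keys and compares it with the fixed versions named in DSA-2020-005. It assumes the product registers with a DisplayName containing "SupportAssist", and it maps the 2.x line to the business client and the 3.x line to the home client, since those are the version lines the advisory names; both are assumptions made for the example.

```powershell
# Added example, not from Dell or the blog post: compare the installed Dell SupportAssist
# version (from the uninstall registry keys) against the fixed versions in DSA-2020-005.
# Assumptions: DisplayName contains "SupportAssist"; 2.x = business client, 3.x = home client.

function Get-SupportAssistStatus {
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    # First fixed version per major version line, as given in the advisory.
    $fixed = @{ 2 = [version]'2.1.4'; 3 = [version]'3.4.1' }

    $entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*SupportAssist*' }

    foreach ($entry in $entries) {
        $installed = $entry.DisplayVersion -as [version]
        if ($null -eq $installed) { continue }   # unparseable or missing version string

        $threshold = $fixed[$installed.Major]
        $status = if ($null -eq $threshold) {
            'unknown version line, check the advisory'
        } elseif ($installed -lt $threshold) {
            "VULNERABLE - update to $threshold or later"
        } else {
            'patched'
        }

        [pscustomobject]@{
            Product   = $entry.DisplayName
            Installed = $installed
            Fixed     = $threshold
            Status    = $status
        }
    }
}

# Usage: an empty result means no SupportAssist entry was found in the uninstall keys.
Get-SupportAssistStatus | Format-Table -AutoSize
```

The registry is the quickest inventory source, but it only reflects what the installer recorded; the About dialog described above, which also triggers the update check, remains the authoritative view on a single machine.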

Similar articles:
Dell devices: RCE vulnerabilities in SupportAssist Client
Lenovo ships Superfish adware preinstalled on systems
ShadowHammer: ASUS Live Update infected with backdoor


This entry was posted in Security, Software, Update, Windows.