[German]Vendor Dell has now reacted to a DLL hijacking vulnerability CVE-2019-19705 in Realtek audio drivers and published a corresponding security advisory. Here is some information.
I had reported the problem in February 2020 in the blog post Realtek closes a DLL Hijacking Vulnerability in HD Audio driver. There was a DLL hijacking vulnerability in the Realtek HD audio driver package which the manufacturer has closed by an updated. The vulnerability was reported to Realtek on July 10, 2019, and closed with a patch on December 13, 2019. The fix can be found in the Realtek HD Audio driver package ver.8857 or later. Driver versions prior to 8855 created with Microsoft Visual Studio 2005 (VS2005) are still vulnerable to attacks. More details about the CVE-2019-19705 vulnerability are available in the blog post linked above and in this SafeBreach Labs article.
A certain problem is that Realtek did not offer updated drivers on their web pages. Blog reader EP points out in this March 2020 comment that there is an ASUS Realtek HDA legacy driver v6.0.8858.1. However, this driver only works with certain ASUS notebooks.
For Lenovo Lenovo ThinkCentre, Realtek HDA legacy drivers version 6.0.8881.1 are available from this Lenovo site.
Dell has now also published a Advisory
In this comment blog reader EP announces that Dell has released the DSA-2020-131: Dell Client Platform Security Update Security Advisory for Realtek Vulnerability Security Advisory. Dell clients require a security update to address vulnerabilities that have been fixed in Realtek Audio Driver. Dell provides several Realtek audio drivers to close the vulnerability CVE-2019-19705, which are listed on the Advisory page. The drivers can be downloaded for the device models from Dell's Drivers and Downloads page.
Cookies helps to fund this blog: Cookie settings