Dell’s SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information.
Discovered by security researchers at SafeBreach Labs, the vulnerability, identified as CVE-2019-12280, is a privilege-escalation issue and affects Dell’s SupportAssist application for business PCs (version 2.0) and home PCs (version 3.2.1 and all prior versions).
Dell SupportAssist, formerly known as Dell System Detect, checks the health of your system’s hardware and software, alerting customers to take appropriate action to resolve them. To do so, it runs on your computer with SYSTEM-level permissions.
With this high-level privileges, the utility interacts with the Dell Support website and automatically detects Service Tag or Express Service Code of your Dell product, scans the existing device drivers and installs missing or available driver updates, along with performing hardware diagnostic tests.
However, researchers at SafeBreach Labs discovered that the software insecurely loads .dll files from user-controlled folders when run, leaving a spot for malware and rogue logged-in users to corrupt existing DLLs or replace them with malicious ones.
images from Hacker News