The Dell SupportAssist utility that comes preinstalled on millions of Dell laptops and computers contains a vulnerability that could allow malicious users or malware to escalate their privileges to administrator level and access sensitive information.
Discovered by security researchers at SafeBreach Labs, the vulnerability, identified as CVE-2019-12280, is a privilege escalation issue that affects Dell SupportAssist for business PCs (version 2.0) and home computers (version 3.2.1 and all previous releases).
Dell SupportAssist, formerly known as the Dell Detection System, checks the state of your system's hardware and software and alerts customers to take the appropriate steps to resolve any problems. To do this, it runs on your computer with SYSTEM-level permissions.
With these high-level privileges, the utility interacts with Dell's support site, automatically detects the service tag or service code of the Dell product, scans the existing device drivers, and installs missing or available driver updates, along with conducting hardware diagnostic tests.
However, SafeBreach Labs researchers discovered that the software loads .dll files from user-controlled folders when it runs, leaving room for malicious and unauthorized users to corrupt existing DLLs or replace them with malicious files.
Therefore, when SupportAssist loads these tampered DLLs, the malicious code is injected into the program and executed in the context of an administrator, allowing the attacker to gain complete control over the affected system.
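A defender-side check for the condition described above, as an added example that is not taken from the SafeBreach or Dell material: it parses `icacls` output for a folder that a privileged service loads DLLs from and lists the non-administrative principals that can write there. The folder name, the sample ACL and the trusted-principal baseline are constructed assumptions.

```python
import re

# Principals allowed to hold write access (assumed baseline; adjust per site).
TRUSTED = {
    "nt authority\\system",
    "builtin\\administrators",
    "nt service\\trustedinstaller",
    "creator owner",  # inherit-only placeholder ACE present on most directories
}
# icacls rights that let a principal add, change or re-ACL files in a directory.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "GA", "GW", "WDAC", "WO"}
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^)]*\))+)$")


def writable_aces(path, icacls_output):
    """Return [(principal, rights)] for untrusted principals that can write to path."""
    findings = []
    for line in icacls_output.splitlines():
        if line.lower().startswith(path.lower()):
            line = line[len(path):]  # the first line is prefixed with the path
        m = ACE_RE.match(line.strip())
        if not m:
            continue  # blank line or the "Successfully processed" trailer
        groups = re.findall(r"\(([^)]*)\)", m["flags"])
        tokens = {t.strip() for grp in groups for t in grp.split(",")}
        if "DENY" in tokens:
            continue  # deny ACEs never grant access
        rights = (tokens - INHERIT_FLAGS) & WRITE_RIGHTS
        if m["who"].lower() not in TRUSTED and rights:
            findings.append((m["who"], sorted(rights)))
    return findings


# Constructed sample: icacls output for a hypothetical DLL load folder.
SAMPLE_PATH = r"C:\ExampleTools"
SAMPLE = r"""C:\ExampleTools BUILTIN\Administrators:(I)(OI)(CI)(F)
                NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                BUILTIN\Users:(I)(OI)(CI)(RX)
                NT AUTHORITY\Authenticated Users:(I)(M)
                NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for who, rights in writable_aces(SAMPLE_PATH, SAMPLE):
        print(f"{SAMPLE_PATH}: {who} holds {','.join(rights)}")
```

Any finding on a folder that a SYSTEM-level process loads libraries from means a standard user can plant or modify a DLL there, so the ACL should be tightened or the folder removed from the load path.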
"According to Dell's website, SupportAssist is pre-installed on most Dell devices that run Windows, which means that whenever the software is not fixed, the vulnerability affects millions of Dell PC users," the researchers said.
What's worrying? Researchers believe that Dell is not the only company whose computers are affected by this particular security problem.
Since Dell SupportAssist is written and maintained by Nevada-based PC-Doctor, other PC manufacturers that bundle the same diagnostics and troubleshooting tools on their own computers under different names may also be vulnerable.
"After SafeBreach Labs sent details to Dell, we discovered that this vulnerability affects additional OEMs using a brand-new version of the PC-Doctor Toolbox for Windows software components," the researchers said.
In addition, according to the PC-Doctor website, computer manufacturers have "pre-installed more than 100 million copies of PC-Doctor for Windows on computer systems around the world", which means that the flaw also affects other OEMs that rely on PC-Doctor for specialized troubleshooting tools.
Since Dell's SupportAssist software uses a PC-Doctor-signed driver to access memory and low-level hardware, the researchers demonstrated the vulnerability by reading the contents of arbitrary physical memory as a proof of concept.
SafeBreach Labs reported the vulnerability to Dell on April 29, 2019; the company then reported the problem to PC-Doctor and released PC-Doctor's fixes on May 28 for the affected SupportAssist releases.
It is recommended that Dell business and home PC users update their software to Dell SupportAssist for Enterprise Edition 2.0.1 and Dell SupportAssist for home computing version 3.2.2, respectively.