“The vulnerability, reported by SafeBreach, concerns the Dell SupportAssist software that is pre-installed in millions of machines across the world”
Earlier today, Dell disclosed a new vulnerability that once again concerns its pre-loaded SupportAssist software. The flaw, discovered by SafeBreach and detailed by security researcher Peleg Hadar, exposes a serious weakness that would allow any remote hacker to access root-level DLLs and insert malicious code at the deep system level, in order to take over a system and gain access to the physical storage device of a laptop or a PC.
The vulnerability is labelled CVE-2019-12280 and affects the Dell SupportAssist software v2.0 and prior for business PCs, and v3.2.1 and prior for personal machines. After remotely inserting malicious DLLs into the system, attackers could take advantage of the system-level DLLs that have complete access to a PC, since all maintenance software has deep-level access to a device. While SafeBreach did not reveal whether this flaw has been misused so far, it did state that the vulnerability affects more devices than just Dell’s own.
The reason is that the firmware is built by PC-Doctor, which writes and maintains system maintenance software for multiple OEMs. As a result, the actual number of affected devices could be much higher, running to nearly 100 million laptops and desktops across the world. Any service that uses the PC-Doctor software with deep-level system access will carry the same vulnerability and, given how critical the flaw is, should also see a patch rolled out soon.
It is important to note that Dell had recently encountered a similar vulnerability in the SupportAssist software, which allowed attackers on the same internet network to take over a machine remotely and gain root-level access. That, in turn, could allow attackers to insert ransomware and other malicious code. Given that Dell is one of the biggest OEMs for laptops and PCs, this represents a recurring security risk.
Dell’s patch for the latest vulnerability is now ready, and any user of the brand’s machines should update their devices immediately.