Rewterz Threat Alert – Metamorfo Returns with Keylogger Trick Targeting Financial Firms
February 11, 2020Rewterz Threat Advisory – Mozilla Releases Security Updates for Multiple Products
February 12, 2020Severity
High
Analysis Summary
Dell has patched a high-severity flaw in its SupportAssist software that could allow an attacker to execute arbitrary code with administrator privileges on affected computers. The uncontrolled search path vulnerability allows a local user to use DLLs to escalate privileges and affects Windows PCs. SupportAssist is “smart” software designed by Dell to alert the company of any problems on a customer’s hardware or software that may need to be resolved. The flaw, CVE-2020-5316, could allow a locally authenticated user with low privileges to “cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.
The flaw affects both business and home users of Dell systems. SupportAssist comes preinstalled on most new Dell devices running Windows. In addition to the type of vulnerability recently found in SupportAssist, another DLL problem “where a local executable file or DLL could be overwritten by any user” exists as well. Although affecting tens of thousands of devices, these flaws can’t be easily exploited at scale. Updates are available.
Impact
- Privilege Escalation
- Arbitrary code execution
Affected Vendors
Dell
Affected products
Dell SupportAssist for business PCs version 2.1.3 or older
home PCs version 3.4 or older
Remediation
- All versions of SupportAssist automatically upgrade to the latest version available if automatic upgrades are enabled.
- Users can check which version they are running and upgrade to a newer version of SupportAssist if available.