Dell developers have once again had to patch the SupportAssist utility, which comes preinstalled on most Dell Windows computers. This time, Dell SupportAssist could be used to execute code locally with elevated privileges, and only low privileges were required to exploit the vulnerability.
The issue has now been fixed with the release of SupportAssist for Business PC version 2.1.4 and SupportAssist for Home PC version 3.4.1.
The vulnerability, tracked as CVE-2020-5316, was discovered by researchers at CyberArk. They note that it took Dell about three months to fix this problem, which is pretty good, as the company used to spend five months or more on patches.
The problem belongs to the DLL hijacking class: a malicious DLL file could be placed in a location on the system from which the application ultimately loaded it instead of the legitimate component. In this case, Dell SupportAssist tried to load a DLL from a folder to which even a user without administrator rights could copy files.
The problem is that SupportAssist runs with SYSTEM privileges, which is what allows it to interact with the Dell support site, automatically detect the Service Tag and Express Service Code of the device, scan existing drivers, install missing or available updates, and perform hardware diagnostic tests.
Thus, by exploiting the bug, an attacker was able to execute malicious code with the rights of NT AUTHORITY\SYSTEM.
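The precondition described above, a directory on a privileged service's DLL load path that ordinary users can write to, can be audited from `icacls` output. The sketch below is an added example, not code from Dell or CyberArk; the directory names and ACL text are constructed, and English principal names are assumed.

```python
import re

# Principals that include ordinary, non-administrator users (English names).
LOW_PRIV = {"everyone", "builtin\\users",
            "nt authority\\authenticated users", "nt authority\\interactive"}
# icacls rights that allow creating or replacing files:
# F = full control, M = modify, W = write, WD = write data / add file.
WRITE_RIGHTS = {"F", "M", "W", "WD"}

def low_priv_writers(path, icacls_output):
    """Return low-privileged principals granted write access on or under `path`."""
    hits = set()
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first ACE line is prefixed by the path
        m = re.match(r"^(.+?):((?:\([^)]*\))+)$", line)
        if not m:
            continue                          # blank line or trailing summary line
        principal = m.group(1)
        groups = re.findall(r"\(([^)]*)\)", m.group(2))
        if any(g.upper() == "DENY" for g in groups):
            continue                          # deny entries grant nothing
        # Inherit-only entries are deliberately kept: they grant the right on
        # files inside the directory, which is just as useful for DLL planting.
        rights = {r.strip().upper() for g in groups for r in g.split(",")}
        if principal.lower() in LOW_PRIV and rights & WRITE_RIGHTS:
            hits.add(principal)
    return sorted(hits)

# Constructed sample data: hypothetical directories, not SupportAssist paths.
WEAK_DIR = r"C:\ExampleVendor\Agent"
WEAK_ACL = r"""C:\ExampleVendor\Agent BUILTIN\Users:(OI)(CI)(RX)
                       BUILTIN\Users:(CI)(WD,AD,WEA,WA)
                       NT AUTHORITY\Authenticated Users:(I)(M)
                       NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files"""
SAFE_DIR = r"C:\ExampleVendor\Locked"
SAFE_ACL = r"""C:\ExampleVendor\Locked BUILTIN\Users:(OI)(CI)(RX)
                        CREATOR OWNER:(OI)(CI)(IO)(F)
                        BUILTIN\Administrators:(OI)(CI)(F)"""

if __name__ == "__main__":
    for d, acl in ((WEAK_DIR, WEAK_ACL), (SAFE_DIR, SAFE_ACL)):
        print(d, "->", low_priv_writers(d, acl) or "no low-privileged writers")
```

Any directory this flags that a SYSTEM service also loads libraries from should have its ACL tightened to administrators and SYSTEM only.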
It is worth noting that this is not the first problem found and fixed in SupportAssist. For example, last year a similar vulnerability, CVE-2019-12280, was fixed in the utility, and in 2018 one more problem was fixed that was also associated with local privilege escalation.