Friday, June 21, 2019

Dell patches vulnerability that put millions of PCs at risk — Update yours now

Read more useful articles at: Tech Deeps

Computing giant Dell released a security advisory Thursday urging consumers to update their laptops and PCs to patch a security vulnerability the company says could have enabled hackers to access sensitive information.

The vulnerability, CVE-2019-12280, was identified in Dell's SupportAssist application for business (version 2.0) and home PCs (version 3.2.1 and prior).

The issue in SupportAssist could have allowed outsiders to take over a machine and read the stored physical memory, according to cybersecurity firm SafeBreach, which discovered and reported the vulnerability.

Since the troubleshooting program runs with system-level privileges, the researchers demonstrated it's possible to load insecure code libraries (dynamic link libraries or DLLs for short) from user-controlled folders specified via the PATH environment variable.

DLL files are loaded by programs — like SupportAssist — when they start up, but attackers can exploit this by corrupting existing DLLs or substituting them with malicious DLL files — which then inject code into programs that use those DLLs.

This vulnerability, a privilege escalation flaw, would thus easily allow a hacker to gain control of a targeted system.
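The mechanism described above, a SYSTEM-level program resolving DLLs through directories that ordinary users can write to, is something an administrator can check for locally. The PowerShell script below is an added example and is not part of the original article or of Dell's or PC-Doctor's software: it reads the machine-wide PATH (the one services inherit), lists each directory, and flags entries that members of Everyone, Authenticated Users or BUILTIN\Users are allowed to write to or create. The well-known SIDs and the rights mask are standard Windows values; the function name `Get-PathHijackCandidates` is the example's own.

```powershell
# Added example, not code from the article, Dell or PC-Doctor.
# Lists every directory in the machine-wide PATH and flags entries that
# low-privilege users can write to. A SYSTEM-level program that resolves
# DLLs via PATH would load a DLL dropped into such a directory.

# Well-known SIDs that every interactive user is a member of.
$lowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545'   # BUILTIN\Users
)

# Rights that let a principal create or replace files in the directory,
# plus the GENERIC_WRITE / GENERIC_ALL bits seen on inherit-only ACEs.
$writeMask = [int]([System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
                   [System.Security.AccessControl.FileSystemRights]::WriteData -bor
                   [System.Security.AccessControl.FileSystemRights]::Modify -bor
                   [System.Security.AccessControl.FileSystemRights]::FullControl)
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

function Test-LowPrivWritable {
    # Heuristic: returns $true if any Allow ACE grants a write right to a
    # low-privilege group. Deny ACEs and inheritance flags are not evaluated.
    param([Parameter(Mandatory)][string]$Directory)
    $acl = Get-Acl -LiteralPath $Directory
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # orphaned or untranslatable identity
        if (($lowPrivSids -contains $sid) -and ((([int]$ace.FileSystemRights) -band $writeMask) -ne 0)) {
            return $true
        }
    }
    return $false
}

function Get-PathHijackCandidates {
    # Use the Machine scope, not $env:PATH, because that is what services inherit.
    $machinePath = [Environment]::GetEnvironmentVariable('Path', [EnvironmentVariableTarget]::Machine)
    foreach ($entry in ($machinePath -split ';' | Where-Object { $_.Trim() -ne '' })) {
        $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim())
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            # A missing directory is also a hazard if a user could create it.
            $parent = Split-Path -Path $dir -Parent
            $parentWritable = $false
            if ($parent -and (Test-Path -LiteralPath $parent -PathType Container)) {
                $parentWritable = Test-LowPrivWritable -Directory $parent
            }
            [pscustomobject]@{ Path = $dir; Exists = $false; LowPrivWritable = $parentWritable }
            continue
        }
        [pscustomobject]@{ Path = $dir; Exists = $true; LowPrivWritable = (Test-LowPrivWritable -Directory $dir) }
    }
}

# Writable entries first; anything flagged $true deserves a look at its ACL.
Get-PathHijackCandidates | Sort-Object -Property LowPrivWritable -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that `Get-Acl` can read every directory. A flagged entry is a finding to review rather than proof of a vulnerability: the remediation is to tighten the directory's ACL or remove the entry from the system PATH, and to keep SupportAssist (and any other SYSTEM-level helper) at the vendor's patched version.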

SafeBreach did not say whether hackers had already exploited the flaw, but it would've been an alluring target given the software comes pre-installed on millions of Dell laptops and PCs.

"This means that as long as the software is not patched, the vulnerability affects millions of Dell PC users," wrote security researcher Peleg Hadar.

SupportAssist is a software repair tool that proactively monitors the system for hardware and software issues, alerting customers to take appropriate action to resolve them.

Troublingly, Dell is not the only company that's shipping PCs with the vulnerable software.

As it happens, Dell doesn't actually make SupportAssist. The software itself is written and maintained by PC-Doctor, a Nevada-based diagnostics and customer support firm that offers specialized troubleshooting products to other electronic device makers.

"Leading computer makers have pre-installed over 100 million copies of PC-Doctor for Windows on computer systems worldwide," states the website, meaning the vulnerability also affects other original equipment manufacturers that rely on PC-Doctor.

This is not the first time SupportAssist has been under the scanner for security issues. Back in April, Dell patched a separate vulnerability in the utility that would have exposed Dell laptops and personal computers to a remote attack, allowing hackers to hijack a computer if the two machines shared a local internet connection.

The Next Web

