Dell fixes privilege elevation bug in support software – Naked Security


Users of Dell SupportAssist should patch their software immediately to fix a bug that could lead to arbitrary code execution, the PC vendor said this week.

SupportAssist is a Dell software product that comes preinstalled on most of its Windows-based endpoints. It performs diagnostic tasks and streamlines the creation of support tickets for Dell machines by sending back the appropriate data to Dell operatives. It can even provide predictive maintenance for users with premium accounts, warning of components that look like they’re close to failure.

According to a Dell advisory, a vulnerability in the program lets a locally authenticated, low-privilege user force the SupportAssist program binaries to load arbitrary dynamic-link libraries (DLLs). DLLs are executable files that can contain data and other resources, and they’re often used as a way to break down applications into modular parts.

By forcing the SupportAssist software to load a DLL of their choosing, an attacker could have that DLL's code run with the Dell application’s privileges, effectively mounting a privilege elevation attack.
