Dell's SupportAssist Software Puts Multiple Laptops At Risk


PC components, Jun 21, 2019

A vulnerability in PC-Doctor’s Dell Hardware Support Service software SupportAssist could open doors for attackers who can use it to achieve privilege escalation on Dell machines running Windows 10.

SafeBreach Labs has identified a vulnerability in the SupportAssist software, which is preinstalled on most Dell PCs. The software uses components written by PC-Doctor to access sensitive low-level hardware (such as physical memory, PCI and SMBios). Because PC-Doctor develops hardware-diagnostic software, this vulnerability also affects additional OEMs that use a rebranded version of the PC-Doctor Toolbox for Windows software components.

SupportAssist proactively checks the health of the system's hardware and software. These health checks may require a high permission level. To perform actions requiring high permissions, a signed driver is installed in addition to multiple services running as SYSTEM.

The security researchers targeted the "Dell Hardware Support" service based on the assumption that such a critical service would have high permission level access to the PC hardware as well as the capability to induce privilege escalation.

After the Dell Hardware Support service starts, it executes numerous PC-Doctor executables which collect information about the OS and the hardware of the computer. All of these executables load DLL libraries which have the ability to collect information from different sources (software and hardware).

The researchers compiled an unsigned DLL, which was executed as SYSTEM when they renamed it to the following:

  • LenovoInfo.dll
  • atiadlxx.dll

The researchers found that no digital certificate validation was made against the binary. The program doesn't validate whether the DLL that it will load is signed. Therefore, it will load an arbitrary unsigned DLL.
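A defender can look for this behavior in image-load telemetry. The following is an added example, not code from SafeBreach, Dell or PC-Doctor: it triages Sysmon Event ID 7 (image load) records and flags unsigned DLLs loaded by SYSTEM processes, escalating the two file names listed above. The sample events and paths are constructed placeholders, and it assumes the Sysmon schema in use records the `User` field.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# DLL names the article lists as loaded unsigned and run as SYSTEM.
WATCHED_DLLS = {"lenovoinfo.dll", "atiadlxx.dll"}

def parse_image_load(xml_text):
    """Return the EventData fields of a Sysmon Event ID 7 record, else None."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "7":
        return None
    return {d.get("Name"): d.text or "" for d in root.iterfind("e:EventData/e:Data", NS)}

def triage(fields):
    """'alert' = watched DLL name, unsigned, as SYSTEM; 'review' = any other
    unsigned load as SYSTEM; 'ok' = everything else."""
    signed_ok = (fields.get("Signed", "").lower() == "true"
                 and fields.get("SignatureStatus") == "Valid")
    # Assumption: the Sysmon schema in use records the User field on image loads.
    as_system = fields.get("User", "").upper() == r"NT AUTHORITY\SYSTEM"
    if signed_ok or not as_system:
        return "ok"
    dll = fields.get("ImageLoaded", "").rsplit("\\", 1)[-1].lower()
    return "alert" if dll in WATCHED_DLLS else "review"

def scan(xml_events):
    """Triage every image-load event; other event types are skipped."""
    parsed = (parse_image_load(x) for x in xml_events)
    return [(f.get("ImageLoaded", ""), triage(f)) for f in parsed if f is not None]

def _sample(event_id, dll, signed, user):
    """Build a constructed Sysmon-style record (sample data, not a real log)."""
    data = {"ImageLoaded": "C:\\Example\\" + dll, "Signed": str(signed).lower(),
            "SignatureStatus": "Valid" if signed else "Unavailable", "User": user}
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{body}</EventData></Event>')

SYSTEM, USER = r"NT AUTHORITY\SYSTEM", r"EXAMPLE\alice"
SAMPLES = [  # constructed; C:\Example is a placeholder path
    _sample(7, "LenovoInfo.dll", False, SYSTEM),  # unsigned, watched name
    _sample(7, "atiadlxx.dll", True, SYSTEM),     # validly signed copy
    _sample(7, "other.dll", False, SYSTEM),       # unsigned, other name
    _sample(7, "atiadlxx.dll", False, USER),      # unsigned, not SYSTEM
    _sample(1, "ignored.dll", False, SYSTEM),     # not an image-load event
]

if __name__ == "__main__":
    print(*scan(SAMPLES), sep="\n")
```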

They also managed to print the content of an arbitrary physical memory address easily, using the vulnerability.

To prevent unsigned kernel-mode drivers from installing on the machine, Windows uses a mechanism called Driver Signature Enforcement. It crashes the system when it detects an unsigned driver being loaded.

But because of the vulnerability, the DSE has become useless. The program comes fitted with a driver that is already digitally signed and also authorized by Microsoft. So, the attacker might not need to load an unsigned driver to achieve read/write permissions.

According to Dell's website, SupportAssist is preinstalled on most Dell devices running Windows. This means that as long as the software is not patched, the vulnerability affects millions of Dell PC users.

"The vulnerability gives attackers the ability to load and execute malicious payloads by a signed service. This ability might be abused by an attacker for different purposes such as execution and evasion," the researchers said.

Moreover, according to the security firm, the vulnerability (CVE-2019-12280) isn’t limited to Dell. Like Dell, many other OEMs use a re-branded version of the diagnostic tool created by PC-Doctor:

  • CORSAIR ONE Diagnostics
  • CORSAIR Diagnostics
  • Staples EasyTech Diagnostics
  • Tobii I-Series Diagnostic Tool
  • Tobii Dynavox Diagnostic Tool

Dell has confirmed the existence of the bug after it was first reported back in April 2019. The researchers have also notified PC-Doctor, and a security patch is expected to be released sometime in mid-June.

Dell has released security patches for the specific vulnerability.

Tags: Dell, Cybersecurity, Hacking