Amateur mistake leaves PCs with Dell Support Assistant vulnerable to privilege escalation attack

Security research company SafeBreach Lab has discovered a vulnerability in Dell’s SupportAssist utility, bundled with tens of millions of Dell PCs, which could allow unauthorized local users or low-privilege apps to take control of a PC.

The issue is that the SupportAssist app runs with SYSTEM privileges, which allows the app to install new drivers and other updates for example, but that it loads DLLs from locations which are under the control of low privileged users, meaning malicious DLLs could be injected which would allow hackers to do whatever they want.

“According to Dell’s website, SupportAssist is pre-installed on most of Dell devices running Windows. This means that as long as the software is not patched, the vulnerability affects millions of Dell PC users,” the researchers say.

The extent of the issue is exacerbated by the fact that the software is actually used on more than Dell PCS, as Dell’s SupportAssis is actually white-label software by PC-Doctor, which the company says is on more than 100 million PCs.

Fortunately, PC-Doctor has already issued an update to address the problem, with Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2 but no longer vulnerable.

This is however not the first time Dell’s PC management software has caused an issue, as in April this year, Dell has a more serious issue of a critical remote code execution vulnerability in SupportAssist, which would allow hackers to remotely install malicious software on your PC. The episodes suggest users may be safer if companies leave PC software maintenance to Microsoft, who, while not perfect, would at least take ownership of the issue.

Via TheHackerNews