Dell SupportAssist Bug Exposes Business, Home PCs to Attacks

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
... ...
Could be used in binary planting attacks

As explained by Dell in its advisory, "A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code."

This uncontrolled search path vulnerability reported by Cyberark's Eran Shimony is tracked as CVE-2020-5316, comes with a high severity CVSSv3 base score of 7.8, and it affects the following Dell SupportAssist versions:

• Dell SupportAssist for business PCs version 2.1.3 or earlier
• Dell SupportAssist for home PCs version 3.4 or earlier.

The company released Dell SupportAssist version 2.1.4 for business PCs and Dell SupportAssist version 3.4.1 for home PCs with fixes for the vulnerability.

Dell advises all customers to update the Dell SupportAssist software on their computers 'at the earliest opportunity,' seeing that all unpatched versions are vulnerable to attacks. If exploited, this vulnerability allows attackers to load and execute malicious payloads within the context of SupportAssist's binaries on unpatched machines.
... ...
 
Feb 8, 2020
46

dell has always not followed best security practices by allowing its various "dell enhancement" software that rely upon the various Windows interpreters to do the work

this is different though as it is a DLL exploit
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
The main idea behind this types of support tools ain't wrong IMO. It's just that it constant gets reported. The Never Ending Story!? :rolleyes:

Personal I always rips out this kind of software either it's a Dell, HP or Lenovo. Surprise surprise when the machine works better then almost ever.
 

JB007

Level 26
Verified
Top Poster
Well-known
May 19, 2016
1,574
Hello,
I just read this thread and verify the softwares installed on my Dell desktop.
Do you think it is necessary to uninstall the following softwares ?
Dell.PNG
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Very good question as not all software is automatic Evil and must be cast back to hell, but some is. Please create a restore point and a backup with Macrium Reflect first, as I saw that available in your Computer configuration.

If you are 100% sure that you don't use and don't need the Dell Support Assist software, that's a good start. Even Dells Backup and Recovery seems and feels redundant as you already have Macrium.
 
Last edited:

JB007

Level 26
Verified
Top Poster
Well-known
May 19, 2016
1,574
Hi
Thanks @upnorth (y)
You are right, all my questions are very interesting (joke ;)).
OK I will create a restore point and uninstall DSAS.
Another(very good;)) question, do you think that if necessary I can reinstall it in the future ?
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Another(very good;)) question, do you think that if necessary I can reinstall it in the future ?
Sure, if you actually feel and think it would come in handy anytime in the future. Dell of course got a page for it. I changed the link language so it will be easier for you to read. Just save it as a bookmark, either in your browser or this post here directly on MT.
ODXxZaJ1_o.png
 

JB007

Level 26
Verified
Top Poster
Well-known
May 19, 2016
1,574
Sure, if you actually feel and think it would come in handy anytime in the future. Dell of course got a page for it. I changed the link language so it will be easier for you to read. Just save it as a bookmark, either in your browser or this post here directly on MT.
ODXxZaJ1_o.png
Thanks @upnorth
I have bookmarked your post (y)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top