A newly-identified privilege escalation flaw in Dell SupportAssist could leave millions of Dell PCs and laptops vulnerable attack.
Threat actors could employ malicious software to elevate their privileges to administrator level and hijack the device for their nefarious purposes.
The flaw affects both the home 9 (v 3.2.1 and prior) and business (v 2.0) versions of the SupportAssist utility, previously known as Dell System Detect. This utility checks system software and hardware to identify issues and suggest changes that can be made to correct any problems.
The utility requires system-level permissions to perform these functions. Those high-level privileges are used to interact with the Dell Support website, detect the tag and code of products, and install missing or corrupted drivers and can perform driver updates.
SafeBreach Labs’ security researchers discovered a flaw in the way the software loads DLL files from user-controlled folders when the software is run. The flaw could potentially be exploited by malware, or by a user who is logged in, to corrupt DLLs and replace them with malicious files.
After being exploited, SupportAssist would use the malicious DLLs which will be executed with system-level privileges. As such, an attacker could exploit the vulnerability to take full control of a vulnerable system.
Until a patch is issued for the flaw, millions of users are vulnerable to attack.
PC Doctor, not Dell, is responsible for writing and maintaining the SupportAssist utility in which the flaw was found. The same software is supplied to other PC brands to use in similar diagnostics tools. This flaw could, therefore, affect other PC manufacturers and hundreds of millions of devices.
