Sometimes preinstalled tools on technology devices can cause more problems than an external threat, as happened to Dell. The tech company revealed that a critical vulnerability detected in SupportAssist, a preinstalled program for problem correction; according to network security specialists, exploiting this flaw could allow a local hacker to upload malicious files with administrator privileges.
In its report, Dell mentions that a locally authenticated least-privileged user could exploit the vulnerability to load arbitrary DLLs using SupportAssist binaries, which would trigger high-malware execution privileges in the target system.
This tool works like a malware scanner present in system hardware and software; if a problem is detected, information is sent to Dell to initiate a troubleshooting process. SupportAssist then attempts to load a DLL from a directory in which any user without administrator privileges can write.
Network security experts say that these kinds of errors are common, although unlike this case, most require administrator privileges on the exposed system for exploitation: “An unprivileged threat actor can write a DLLs that Dell SupportAssist might load, getting the code executed inside the software that runs with the NT AUTHORITY-System privileges,” says Eran Shimony, the researcher in charge of reporting this flaw.
The vulnerability, tracked as CVE-2020-5316, is considered “high-severity”, and impacts SupportAssist Enterprise v2.1.3 as well as Home Use SupportAssist v3.4 and earlier. The company has already addressed the vulnerabilities; users should upgrade to version 3.4.1 to mitigate the risk of exploitation.
As mentioned at the beginning of the article, exploiting this flaw requires local access, so a potential attacker will need to log on to the network, increasing the complexity of the attack, network security experts mention. However, if the threat actor manages to enter the network, it could completely compromise the target device, so exposed device administrators should not miss updates to this security tool.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.