California-based cyber security firm SafeBreach has discovered a vulnerability in Dell PCs that potentially puts millions of users’ information at risk.
The vulnerability, CVE-2019-12280, was identified in Dell’s SupportAssist application for business (version 2.0) and home PCs (version 3.2.1 and prior).
Dell is the third biggest PC maker behind Lenovo and HP respectively.
Dell SupportAssist is software pre-installed on most Dell PCs. The software proactively checks the health of the system’s hardware and software.
These health checks may require high-level permissions. In order to run with actions requiring high permissions, a signed driver is installed in addition to multiple services running on the system.
The issue in SupportAssist could have allowed hackers to take over a machine and read the stored physical memory, according to SafeBreach, which discovered and reported the vulnerability to Dell.
Peleg Hadar, security researcher at SafeBreach Labs, says: “In our initial exploration, we targeted the Dell Hardware Support service based on the assumption that such a critical service would have high permission level access to the PC’s hardware as well as the capability to induce privilege escalation.”
He adds that after the Dell Hardware Support service starts, it executes DSAPI.exe, which, in turn, executes pcdrwi.exe, both run as SYSTEM.
“Next, the service executes numerous PC-Doctor executables that collect information about the OS and the computer’s hardware. These executables are actually regular PE files, but have a different extension – ‘p5x’. All of these executables load DLL (dynamic link library), which have the ability to collect information from different sources (software and hardware).”
So far, Dell has issued a security advisory notice, although the company gives little detail about the problem.
“Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs require an update to the latest versions to address a security vulnerability within the PC-Doctor component,” the company says.
“The PC-Doctor component in Dell SupportAssist for Business Systems and Dell SupportAssist for Home PCs has been updated for the following vulnerability: PC-Doctor CVE-2019-12280.
“Dell would like to thank Peleg Hadar for reporting this vulnerability.”
Share