Dell fixes privilege elevation bug in support software – Naked Security

Source: National Cyber Security – Produced By Gregory Evans

Users of Dell SupportAssist should patch their software immediately to fix a bug that could lead to arbitrary code execution, the PC vendor said this week.

SupportAssist is a Dell software product that comes preinstalled on most of its Windows-based endpoints. It performs diagnostic tasks and streamlines the creation of support tickets for Dell machines by sending back the appropriate data to Dell operatives. It can even provide predictive maintenance for users with premium accounts, warning of components that look like they’re close to failure.

According to a Dell advisory, a vulnerability in the program lets a locally authenticated low-privilege user force the SupportAssist program binaries to load arbitrary dynamic-link libraries (DLLs). DLLs are executable files that can contain data and other resources, and they’re often used as a way to break down applications into modular parts.

By forcing the SupportAssist software to load a DLL of their choosing, an attacker could have that DLL's code run with the Dell application’s privileges, effectively mounting a privilege elevation attack.