OEM Software Puts Multiple Laptops At Risk (Jun 21, 2019)
Researchers at SafeBreach Labs have identified a vulnerability in Dell’s “SupportAssist” software, which is preinstalled on millions of Dell laptops and PCs to carry out health checks. The vulnerability, “CVE-2019-12280,” can allow an actor to escalate privileges and achieve persistence on an affected machine. Because of how the software loads .dll files, malicious DLLs could be placed in specific directories, enabling an attacker to gain complete control of a system. SupportAssist is maintained by PC Doctor, which also provides tools for other Windows computers, so computers from vendors other than Dell could also be at risk. SafeBreach reported the vulnerability to Dell on April 29th; Dell reported it to PC Doctor, which released fixes on May 28th.
Recommendation: Users should update their software as soon as possible, because a threat actor could take complete control of an affected system. In addition, public reporting on the vulnerability, combined with the high number of potentially vulnerable systems, may cause an increase in exploitation attempts.
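A defender-side audit for the DLL-loading weakness described above, added here as an example (not SafeBreach, Dell or PC Doctor code): it lists machine-wide PATH directories that broad, unprivileged groups can write to. It assumes the "specific directories" are those on the Windows DLL search path; the function name `Get-WritablePathDirectory` is hypothetical.

```powershell
# Added example, not vendor code. Assumption: the directories of interest are those
# on the machine-wide PATH, which Windows consults when resolving a DLL by name.
function Get-WritablePathDirectory {   # hypothetical helper name
    param(
        [string]$PathValue = [Environment]::GetEnvironmentVariable('Path', 'Machine')
    )

    # Well-known SIDs of broad, unprivileged groups (independent of OS language).
    $broad = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    # CreateFiles/WriteData (0x2) plus GENERIC_WRITE and GENERIC_ALL.
    $writeMask   = 0x50000002
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    $dirs = $PathValue -split ';' |
        ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim()) } |
        Where-Object { $_ } | Select-Object -Unique

    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            # A PATH entry that does not exist yet: its parent's ACL decides who may create it.
            [pscustomobject]@{ Directory = $dir; Principal = $null; Finding = 'Missing' }
            continue
        }
        try   { $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop }
        catch {
            [pscustomobject]@{ Directory = $dir; Principal = $null; Finding = 'AclUnreadable' }
            continue
        }
        # Ask for SIDs rather than account names so matching is exact.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if (-not $broad.ContainsKey($sid)) { continue }
            if ($rule.PropagationFlags.HasFlag($inheritOnly)) { continue }  # children only
            if (([int]$rule.FileSystemRights -band $writeMask) -ne 0) {
                [pscustomobject]@{ Directory = $dir; Principal = $broad[$sid]; Finding = 'Writable' }
            }
        }
    }
}

Get-WritablePathDirectory | Sort-Object Directory | Format-Table -AutoSize
```

Any directory reported as Writable or Missing is a candidate for ACL tightening or removal from PATH, independent of whether the SupportAssist update has been applied.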
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.