If you own a Dell, now would be a good time to update your system. Even if your PC wasn’t manufactured by Dell, it’s possible that a new vulnerability affecting millions could apply to you.
Researchers at SafeBreach Labs on Monday disclosed a high-severity flaw in Dell’s SupportAssist utility. And it could allow attackers to inject malicious code onto your business or home PC, eventually gaining full control of the system through privilege escalation.
The vulnerability, which allows attackers to replace harmless DLL files loaded during diagnostic scans with ones bearing a malicious payload, was initially reported on April 29. Dell confirmed the bug a month later and a fix was rolled out late last month.
SafeBreach Labs said it targeted SupportAssist, software pre-installed on most Dell PCs designed to check the health of the system’s hardware, based on the assumption that “such a critical service would have high permission level access to the PC hardware as well as the capability to induce privilege escalation.”
What the researchers found is that the application loads DLL files from a folder accessible to users, meaning the files can be replaced and used to load and execute a malicious payload.
There are concerns the flaw may affect non-Dell PCs, as well.
The affected module within SupportAssist is a version of PC-Doctor Toolbox found in a number of other applications, including: Corsair ONE Diagnostics, Corsair Diagnostics, Staples EasyTech Diagnostics, Tobii I-Series Diagnostic Tool, and Tobii Dynavox Diagnostic Tool.
The most effective way to prevent DLL hijacking is to quickly apply patches from the vendor. To fix this bug, either allow automatic updates to do its job, or download the latest version of Dell SupportAssist for Business PCs (x86 or x64) or Home PCs (here).
You can read a full version of the SafeBreach Labs report here.