Discovered by SafeBreach Labs, the research unit of SafeBreach, the vulnerability could allow full control over low-level hardware and software on unprotected consumer and business computers from Dell and several other OEMs.
SUNNYVALE, Calif., June 21, 2019 /PRNewswire/ -- SafeBreach, a leader in breach and attack simulation, today announced that it has discovered a major security vulnerability potentially affecting several million laptops and desktops made by Dell Computer and several other Original Equipment Manufacturers (OEMs). The vulnerability is a security hole in software manufactured by PC-Doctor that is used as part of Dell SupportAssist software. SupportAssist performs health checks on system hardware and software, verifying that a machine is working as intended.
The vulnerability stems from weaknesses in the library structure of the application, including the lack of digital certificate validation in a key process that allows for access to physical memory. In a proof of concept, the SafeBreach research team demonstrated that exploiting this vulnerability would allow attackers to access and read or write to the physical memory of systems. This would enable them to install malicious executables or otherwise compromise the system and achieve admin-level permissions on the system, giving them effective control.
"This is a serious security issue that would allow attackers access to system-level capabilities, giving them near total control over what's happening on that machine and the ability to read, copy or alter any data in physical memory," said Itzik Kotler, CTO and Co-Founder of SafeBreach. "We urge everyone who has purchased a machine that uses PC-Doctor software as part of its health check system to upgrade and patch their machines as quickly as possible."
SafeBreach reported the vulnerability (CVE-2019-12280) to Dell and PC-Doctor upon discovery in late May 2019.
Dell response: "PC-Doctor released the fix to Dell. Dell implemented the fix and released updates on May 28, 2019 for the affected Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs versions. More than 90% of customers to date have received the update and are no longer at risk. Most customers have automatic updates enabled, which is a general security best practice to keep software and systems up to date. Dell urges customers to turn on automatic updates or manually update their SupportAssist software. Dell's first priority is product security and helping our customers ensure the security of their data and systems. Customers can find more information within the Dell security advisory DSA-2019-084."
The vulnerability was the latest discovered by SafeBreach Labs as part of the company's efforts to make all computing systems more secure and reliable. For more details on this research go to https://safebreach.com/Post/OEM-Software-Puts-Multiple-Laptops-At-Risk.
SafeBreach is a leader in breach and attack simulation. The company's groundbreaking platform provides a "hacker's view" of an enterprise's security posture to proactively predict attacks, validate security controls and improve security operations center (SOC) analyst response. SafeBreach automatically executes thousands of breach methods from an extensive and growing Hacker's Playbook™ of research and real-world investigative data. Headquartered in Sunnyvale, California, the company is funded by Sequoia Capital, Deutsche Telekom Capital Partners, Draper Nexus, Hewlett Packard Pathfinder, PayPal and investor Shlomo Kramer. For more information, visit www.safebreach.com or follow us on Twitter @SafeBreach.