Rewterz Threat Advisory – CVE-2020-5316 – Dell Patches SupportAssist Flaw That Allows Arbitrary Code Execution

Severity

High

Analysis Summary

Dell has patched a high-severity flaw in its SupportAssist software that could allow an attacker to execute arbitrary code with administrator privileges on affected computers. The uncontrolled search path vulnerability allows a local user to use DLLs to escalate privileges and affects Windows PCs. SupportAssist is “smart” software designed by Dell to alert the company of any problems on a customer’s hardware or software that may need to be resolved. The flaw, CVE-2020-5316, could allow a locally authenticated user with low privileges to “cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.
The flaw affects both business and home users of Dell systems. SupportAssist comes preinstalled on most new Dell devices running Windows. In addition to the type of vulnerability recently found in SupportAssist, another DLL problem “where a local executable file or DLL could be overwritten by any user” exists as well. Although affecting tens of thousands of devices, these flaws can’t be easily exploited at scale. Updates are available.

Impact

• Privilege Escalation
• Arbitrary code execution

Affected Vendors

Dell

Affected products

Dell SupportAssist for business PCs version 2.1.3 or older
home PCs version 3.4 or older

Remediation

• All versions of SupportAssist automatically upgrade to the latest version available if automatic upgrades are enabled.
• Users can check which version they are running and upgrade to a newer version of SupportAssist if available.