Dell Fixes Pre-Installed Vulnerabilities

Wednesday, July 5, 2017 @ 03:07 PM gHale

Dell is fixing devices that shipped with built-in cyber issues, as their pre-installed software includes vulnerabilities.

The vulnerabilities could allow hackers to disable security solutions and escalate privileges on the devices.

Three different vulnerabilities affect select Dell systems, said Marcin ‘Icewall’ Noga of Cisco Talos, who found the holes, in a blog post urging customers to install the latest updates as soon as possible to prevent attacks.

First and foremost, there’s a privilege escalation vulnerability (CVE-2016-9038) in the SboxDrv.sys driver. The researcher said the security flaw can be exploited by sending crafted data to the \Device\SandboxDriverApi device driver because it provides read and write rights to everyone. A successful attack could lead to local privilege escalation. Invincea-X and Dell Protected Workspace 6.1.3-24058 suffer from that issue.

In addition, there is a protection bypass vulnerability (CVE-2016-8732). This time, the vulnerable software is Dell Protected Workspace 5.1.1-22303, whose InvProtectDrv.sys driver file contains multiple vulnerabilities.

The Dell Protected Workspace solution primarily focuses on enterprises, so IT pros and CIOs should install version 6.3.0 of the software, which is said to patch the vulnerability.

Another protection bypass vulnerability (CVE-2017-2802) affects the Dell PPO Service, which is part of the Dell Precision Optimizer app. It appears poaService.exe looks for a DLL called atiadlxx.dll, and by deploying a crafted version of the file on target systems, attackers could enable execution of arbitrary code. The issue was patched in version 4.0 of the application.
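For defenders who cannot update right away, the DLL load described above can be watched for in image-load telemetry. The following is an added example, not code from Dell or Cisco Talos: it filters Sysmon Event ID 7 records for poaService.exe loading atiadlxx.dll and flags loads from an unexpected directory or without a valid signature. The sample events, the install directory and the trusted-directory list are assumptions constructed for illustration.

```python
import ntpath

# Assumption: a legitimate atiadlxx.dll is loaded only from System32.
TRUSTED_DIRS = {r"c:\windows\system32"}

# Constructed Sysmon Event ID 7 (ImageLoad) records, trimmed to the fields used.
# The install directory and all paths are made up for illustration.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Dell\PPO\poaService.exe",
     "ImageLoaded": r"C:\Windows\System32\atiadlxx.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Program Files\Dell\PPO\poaService.exe",
     "ImageLoaded": r"C:\Program Files\Dell\PPO\atiadlxx.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Users\Public\atiadlxx.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\PROGRAM FILES\DELL\PPO\POASERVICE.EXE",
     "ImageLoaded": r"C:\Windows\System32\..\Temp\ATIADLXX.DLL",
     "Signed": "true", "SignatureStatus": "Valid"},
]

def suspicious_loads(events, process="poaservice.exe", dll="atiadlxx.dll"):
    """Return (normalized DLL path, reasons) for each questionable load."""
    findings = []
    for ev in events:
        # Windows paths are case-insensitive; normpath also collapses "..".
        image = ntpath.normpath(ev["Image"]).lower()
        loaded = ntpath.normpath(ev["ImageLoaded"]).lower()
        if ntpath.basename(image) != process or ntpath.basename(loaded) != dll:
            continue  # only the service and DLL named in the advisory
        reasons = []
        if ntpath.dirname(loaded) not in TRUSTED_DIRS:
            reasons.append("unexpected directory")
        signed = ev.get("Signed", "").lower() == "true"
        if not signed or ev.get("SignatureStatus") != "Valid":
            reasons.append("unsigned or invalid signature")
        if reasons:
            findings.append((loaded, reasons))
    return findings

if __name__ == "__main__":
    for path, reasons in suspicious_loads(SAMPLE_EVENTS):
        print(f"{path}: {', '.join(reasons)}")
```
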

Users should install the available updates as soon as possible, but Dell officials did say they are not aware of any exploits based on these vulnerabilities.
