With so much news coverage devoted to major global malware outbreaks such as the recent NotPetya incident, little has been said about several flaws in widely deployed Dell software.
Security flaws that require immediate update
Before going into the technical details of the vulnerabilities, one point comes first: anyone running a Dell machine should update the Dell pre-installed software immediately, since all three flaws give a local attacker a route to higher privileges.
Because many businesses standardise on Dell systems, IT administrators are strongly advised to roll out the latest updates across their fleet before the flaws are exploited.
Three different vulnerabilities
Security researcher Marcin "Icewall" Noga of Cisco Talos, Cisco's threat intelligence unit, discovered three vulnerabilities in software pre-installed on Dell machines. Let's have a look at what these vulnerabilities are.
CVE-2016-9038
The first vulnerability is a local privilege escalation. CVE-2016-9038 lets an attacker who already has an ordinary account on the machine obtain full control of it. The flaw lives in the SboxDrv.sys kernel driver.
A local attacker sends a specially crafted input buffer to the SandboxDriverApi device object that the driver exposes. Because the driver does not validate that input safely, the attacker gains read and write access to kernel memory, and a controlled write into kernel memory is all that is needed to escalate privileges.
Noga also noted that the driver is not a standalone component: it ships as part of Invincea-X, sold by Dell as Dell Protected Workspace, and version 6.1.3-24058 is the release he reported as affected.
CVE-2016-8732
CVE-2016-8732 is a protection-bypass vulnerability: it lets a local attacker switch off security mechanisms that the product is supposed to enforce. The affected software is Dell Protected Workspace 5.1.1-22303, whose InvProtectDrv.sys driver contains multiple flaws.
Restrictions on the driver's communication channel are weak and it does not validate incoming requests properly. Any local application can therefore talk to the driver and disable some of its protection mechanisms, which strips away the sandboxing that is meant to contain malware and leaves the system open to further compromise.
CVE-2017-2082
The third flaw, CVE-2017-2082, is a DLL-hijacking vulnerability in the Dell PPO service, the Windows service behind Dell Precision Optimizer, and it allows a local attacker to execute arbitrary code with the service's privileges.
The problem is that poaService.exe looks for a DLL named atiadlxx.dll without specifying a fully qualified path. An attacker who can place a malicious file of that name in a directory that the loader searches first gets their code loaded and run by the service.
Dell Precision Optimizer 4.0 fixes the issue, and users are advised to update as quickly as possible.
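The following PowerShell script is an added example, not code from the article, Cisco Talos or Dell. It checks a Windows host for the two conditions that make the poaService.exe DLL-load flaw matter in practice: a Precision Optimizer build older than the fixed 4.0, and a directory in the DLL search order where a low-privileged user could plant a crafted atiadlxx.dll. The service name 'Dell PPO Service' is an assumption (adjust it to whatever Get-Service shows on your hosts), the search order assumed is the default SafeDllSearchMode order, and the ACL test ignores Deny entries, so a hit means "look closer", not "confirmed".

```powershell
# Added example (not from the article, Talos or Dell): audit a host for the
# poaService.exe / atiadlxx.dll DLL-hijacking condition and the patch level.
# Run from an elevated PowerShell prompt.
param(
    [string]$ServiceName = 'Dell PPO Service',   # assumed service name
    [string]$DllName     = 'atiadlxx.dll',
    [version]$FixedIn    = '4.0'                 # fixed in Precision Optimizer 4.0
)

# True if an Allow ACE grants a write-type right to a group every local user
# belongs to. Simplification: Deny ACEs are not evaluated.
function Test-LowPrivWritable {
    param([string]$Dir)
    if (-not (Test-Path -LiteralPath $Dir -PathType Container)) { return $false }
    $lowPriv   = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
                   'Everyone', 'NT AUTHORITY\INTERACTIVE')
    $writeBits = [System.Security.AccessControl.FileSystemRights]'CreateFiles, Modify, FullControl'
    try { $acl = Get-Acl -LiteralPath $Dir } catch { return $false }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPriv -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band [int]$writeBits) -ne 0) { return $true }
    }
    return $false
}

# 1. Locate the service binary from its registered command line.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output "Service '$ServiceName' not registered; Precision Optimizer may not be installed."
    return
}
if ($svc.PathName -match '^"([^"]+)"') { $exePath = $Matches[1] }
else { $exePath = ($svc.PathName -split ' ')[0] }
$appDir = Split-Path -Parent $exePath

# 2. Patch-level check against the fixed version.
$raw = (Get-Item -LiteralPath $exePath).VersionInfo.FileVersion
$ver = $null
if ($raw -match '(\d+(\.\d+){1,3})') { $ver = [version]$Matches[1] }
if ($null -eq $ver)        { Write-Output "Could not parse file version '$raw' of $exePath" }
elseif ($ver -lt $FixedIn) { Write-Output "VULNERABLE: $exePath is $ver (fixed in $FixedIn)" }
else                       { Write-Output "OK: $exePath is $ver" }

# 3. Default (SafeDllSearchMode) search order as seen by a service: the
#    application directory, System32, the 16-bit System directory, the Windows
#    directory, then the machine-wide PATH. Services typically run as
#    LocalSystem, so a DLL planted where the loader looks first runs as SYSTEM.
$winDir = [Environment]::GetFolderPath('Windows')
$searchDirs = @(
    $appDir,
    [Environment]::GetFolderPath('System'),
    (Join-Path $winDir 'System'),
    $winDir
) + ([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' | Where-Object { $_ })

# 4. The loader takes the first copy it finds, so only directories searched
#    before the one that actually holds the DLL are hijack points. (Replacing
#    an existing copy is a separate, file-level ACL question.)
$foundAt = -1
for ($i = 0; $i -lt $searchDirs.Count; $i++) {
    if (Test-Path -LiteralPath (Join-Path $searchDirs[$i] $DllName)) { $foundAt = $i; break }
}
if ($foundAt -lt 0) { Write-Output "$DllName not present anywhere in the search order; the first writable directory wins." }
else                { Write-Output "$DllName resolves from $($searchDirs[$foundAt])" }

$limit = if ($foundAt -lt 0) { $searchDirs.Count } else { $foundAt }
for ($i = 0; $i -lt $limit; $i++) {
    if (Test-LowPrivWritable $searchDirs[$i]) {
        Write-Output "HIJACKABLE: low-privileged users can write to $($searchDirs[$i]), which is searched before $DllName is found"
    }
}
```

A HIJACKABLE line on an unpatched host is the condition the advisory describes; the usual remediation is to update to 4.0, and, independently of this product, to make sure no directory on the machine PATH is writable by ordinary users, since that weakness makes every service that loads a DLL by bare name hijackable.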
Hi. As you may know, the vulnerability has been mitigated through a Dell Command update at https://t.co/n5Y6Mrq910. Thank you! #iworkfordell
— Katie Neuman 😁 (@kneuman) July 6, 2017
Update:
The good news is that Dell has addressed the issue: the fix is delivered through Dell Command | Update, so running that tool on affected machines is enough to pick up the patched version.