Allele Security Alert
ASA-2019-00372, DSA-2019-088, CVE-2019-3735
Improper Privilege Management Vulnerability
Dell SupportAssist for Business
Dell SupportAssist for Home
Dell SupportAssist for Business PCs version 2.0
Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1
Dell SupportAssist for Business PCs version 2.0.1
Dell SupportAssist for Home PCs version 3.2.2
Proof of concept
Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs has been updated to address a vulnerability, which may be potentially exploited to compromise the system.
Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.
DSA-2019-088: Dell SupportAssist Security Update for Improper Privilege Management Vulnerability
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: June 22, 2019