PC-Doctor, which makes and maintains the software-repair tool, wrote that it had recently learned of the vulnerability, adding, “In our opinion, it would be very rare for one to have both permissions and the ability to exploit this vulnerability.
“To exploit this vulnerability, an administrative user or process would have to change the system’s PATH environment variable to include a folder writable by non-admin users, and craft a DLL that exploits PC-Doctor’s administrative privileges. It is not possible to exploit this vulnerability without modifying default Windows settings.”
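The precondition PC-Doctor describes, a directory on the system PATH that non-administrators can write to, is something an administrator can check for directly. The PowerShell script below is an added example, not code from the article or from PC-Doctor, Dell or SafeBreach; it assumes Windows PowerShell 5.1 or later, and the set of principals it treats as low-privileged (Everyone, Authenticated Users, BUILTIN\Users, Anonymous) is the script's own choice, as is the decision to report PATH entries that point at non-existent directories.

```powershell
# Added example: audit the PATH for directories writable by low-privileged
# principals. A service running as SYSTEM resolves DLLs against the
# machine-wide PATH, so that scope is the default.
function Get-LowPrivWritablePathEntry {
    [CmdletBinding()]
    param(
        [ValidateSet('Machine', 'User', 'Process')]
        [string]$Scope = 'Machine'
    )

    # Assumed list of principals that should never be able to drop files into
    # a PATH directory: Everyone, Authenticated Users, BUILTIN\Users, Anonymous.
    $lowPrivSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-7')

    # Rights that let a principal create files or subdirectories; Modify and
    # FullControl include these bits, so a bitwise test catches them too.
    $writeMask = [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
                 [System.Security.AccessControl.FileSystemRights]::CreateDirectories

    $raw = [Environment]::GetEnvironmentVariable('Path', $Scope)
    if (-not $raw) { return }

    foreach ($entry in ($raw -split ';' | Where-Object { $_.Trim() })) {
        $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"'))

        # A PATH entry whose directory does not exist is worth flagging as well:
        # it should be removed from PATH or created with a restrictive ACL.
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            [PSCustomObject]@{ Path = $dir; Identity = '(missing directory)'; Rights = 'n/a' }
            continue
        }

        try { $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop } catch { continue }

        foreach ($rule in $acl.Access) {
            # Only Allow ACEs are inspected; an explicit Deny for the same
            # principal would override a match reported here, and ACEs that
            # still carry unmapped generic rights are not evaluated.
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if (($rule.FileSystemRights -band $writeMask) -eq 0) { continue }

            try {
                $sid = $rule.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }

            if ($lowPrivSids -contains $sid) {
                [PSCustomObject]@{
                    Path     = $dir
                    Identity = $rule.IdentityReference.Value
                    Rights   = $rule.FileSystemRights
                }
            }
        }
    }
}

# Usage: list every finding; an empty result means no PATH directory grants
# create/write rights to the assumed low-privileged principals.
Get-LowPrivWritablePathEntry | Format-Table -AutoSize
```

On a default Windows installation the machine PATH contains only directories such as `%SystemRoot%\system32` with ACLs that do not grant Users write access, which is the point PC-Doctor makes above; any row this script returns is a deviation from that default and should be corrected by tightening the directory's ACL or removing the entry from PATH.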
“According to Dell’s website, SupportAssist is preinstalled on most of Dell devices running Windows. This means that as long as the software is not patched, the vulnerability affects millions of Dell PC users,” Hadar wrote.
The vulnerability in SupportAssist was originally reported on April 29, 2019. “In our initial exploration, we targeted the ‘Dell Hardware Support’ service based on the assumption [that] such a critical service would have high permission level access to the PC hardware as well as the capability to induce privilege escalation,” Hadar said.
If exploited, the flaw would let attackers load and execute malicious payloads through a signed service, a technique that also serves execution and evasion, since the code runs under the identity of trusted software.
On May 28, the fixes provided by PC-Doctor for the affected versions of SupportAssist were released by Dell.
Noting that the PC-Doctor CVE-2019-12280 vulnerability received a high severity rating, Dell’s security advisory said, “The PC Doctor component in Dell SupportAssist for Business Systems and Dell SupportAssist for Home PCs has been updated. The vulnerability affects the Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2.”