
Pre-Installed Dell Software Flaws Could Disable Security Mechanisms

Are you a Dell customer? Be alert: Talos researchers have discovered that Dell’s pre-installed software contains vulnerabilities that could allow attackers to disable security programs. The flaws could also lead to privilege escalation attacks.


More specifically, three separate vulnerabilities have been unearthed affecting specific Dell systems. Customers are advised to apply patches immediately. “Talos are releasing advisories for vulnerabilities in the Dell Precision Optimizer application service software, Invincea-X and Invincea Dell Protected Workspace,” researchers said.

CVE-2016-9038 Description

The vulnerability is a privilege escalation flaw and exists in the SboxDrv.sys driver.

The flaw is a double fetch in the SboxDrv.sys driver. It is triggered by sending crafted data to the \Device\SandboxDriverApi device, which is read/write accessible to everyone. In case of successful exploitation, an arbitrary value is written to kernel memory space, which can then lead to local privilege escalation.

Known vulnerable devices are: Invincea-X, Dell Protected Workspace 6.1.3-24058.
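To make the "double fetch" class concrete, here is an added user-mode simulation of the pattern, written for this article and not taken from Talos's advisory or from the SboxDrv.sys driver. It models a kernel handler that reads a length field from a user-controlled request twice: once to validate it and once to use it. A hook stands in for a second user thread changing the field between the two reads. The hardened variant copies the whole request into kernel-owned memory once and validates only that snapshot, which is the standard fix. The request layout, the buffer size and the racing hook are all constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KERNEL_BUF_SIZE 32

/* Constructed model of an IOCTL request living in user-controlled memory.
 * A driver must not assume 'len' keeps its value between two reads. */
struct user_request {
    uint32_t len;       /* bytes the caller claims to send */
    uint8_t  data[64];
};

/* Simulated kernel-side buffer; a real driver would write to pool memory. */
static uint8_t kernel_buf[KERNEL_BUF_SIZE];

/* Hook that lets the caller mutate the request between the two fetches,
 * standing in for a user-mode thread racing the driver. */
typedef void (*race_hook_t)(struct user_request *req);

/* VULNERABLE pattern: 'len' is fetched twice from shared memory. The first
 * fetch is validated, the second fetch drives the copy. Returns the length
 * the copy would use (-1 if rejected). The actual memcpy is skipped when the
 * length is out of bounds so the simulation itself stays memory-safe; a real
 * driver would overflow kernel_buf at that point. */
int handle_request_double_fetch(struct user_request *req, race_hook_t hook)
{
    if (req->len > KERNEL_BUF_SIZE)      /* fetch #1: validation */
        return -1;
    if (hook)
        hook(req);                       /* window in which user memory changes */
    uint32_t n = req->len;               /* fetch #2: use, may differ from #1 */
    if (n > KERNEL_BUF_SIZE)
        return (int)n;                   /* would have overflowed kernel_buf */
    memcpy(kernel_buf, req->data, n);
    return (int)n;
}

/* HARDENED pattern: capture the request once (ProbeForRead + copy in a real
 * driver), then validate and use only the private copy. */
int handle_request_single_fetch(struct user_request *req, race_hook_t hook)
{
    struct user_request local;
    memcpy(&local, req, sizeof local);   /* single fetch */
    if (hook)
        hook(req);                       /* the race no longer affects 'local' */
    if (local.len > KERNEL_BUF_SIZE)
        return -1;
    memcpy(kernel_buf, local.data, local.len);
    return (int)local.len;
}

/* Constructed racing thread: rewrites the length after validation. */
static void racing_thread_bumps_len(struct user_request *req)
{
    req->len = 1000;
}

int scenario_double_fetch_raced(void)
{
    struct user_request req = { .len = 16 };
    return handle_request_double_fetch(&req, racing_thread_bumps_len);
}

int scenario_single_fetch_raced(void)
{
    struct user_request req = { .len = 16 };
    return handle_request_single_fetch(&req, racing_thread_bumps_len);
}

int scenario_oversized_request(void)
{
    struct user_request req = { .len = 100 };
    return handle_request_double_fetch(&req, NULL);
}

int main(void)
{
    printf("double fetch, raced: copy length %d (buffer holds %d)\n",
           scenario_double_fetch_raced(), KERNEL_BUF_SIZE);
    printf("single fetch, raced: copy length %d\n", scenario_single_fetch_raced());
    printf("oversized, no race:  %d (rejected)\n", scenario_oversized_request());
    return 0;
}
```

The double-fetch handler ends up using a length of 1000 against a 32-byte buffer even though its own validation passed, while the single-fetch handler keeps the 16 bytes it validated. For defenders reviewing driver code, the pattern to look for is any field dereferenced from a user buffer more than once between check and use.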

CVE-2016-8732 Description

The next flaw is CVE-2016-8732 and is located within the Invincea Dell Protected Workspace, a security solution by Dell that should provide enhanced protection for endpoint devices. However, Talos has located multiple flaws within one of the driver components – InvProtectDrv.sys – included in version 5.1.1-22303. “Due to weak restrictions on the driver communications channel, as well as insufficient validation, an attacker controlled application that is executed on an affected system could leverage this driver to effectively disable some of the protection mechanisms provided by the software,” Talos explains.


The flaw has been fixed in the 6.3.0 release of the software.

CVE-2017-2802 Description

The vulnerability is a protection bypass affecting the Dell PPO Service, which is part of the Dell Precision Optimizer application. When the Dell PPO Service starts, the program c:\Program Files\Dell\PPO\poaService.exe loads the file c:\Program Files\Dell\PPO\ati.dll. An attempt is then made to load atiadlxx.dll, which is not present in the application directory by default.

The program then searches for a DLL of that name in the directories listed in the PATH environment variable, Talos explains. If one is found, it is loaded into poaService.exe without the file's signature being checked. An attacker who can supply a malicious DLL with the correct name can therefore achieve arbitrary code execution.
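The load behaviour described above, as an added simulation written for this article (it is not Dell's or Talos's code): a small resolver walks the application directory and then the PATH entries in order, returning the first directory holding a file with the requested name and never consulting a signature, which is the behaviour the advisory describes. A hardened resolver beside it only accepts the application directory and requires the file to pass a signature check, the equivalent on real Windows of loading by fully qualified path or restricting the search with LOAD_LIBRARY_SEARCH_APPLICATION_DIR. The filesystem table, the PATH entries and the untrusted copy of atiadlxx.dll are constructed sample data; the real Windows search order also visits the system directories before PATH, which this model omits because the article names only the application directory and PATH.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a filesystem: directory, file name, and whether the
 * file carries a trusted signature. Nothing here touches the real disk. */
struct file_entry {
    const char *dir;
    const char *name;
    bool        signed_ok;
};

static const struct file_entry fs[] = {
    { "C:\\Program Files\\Dell\\PPO", "poaService.exe", true  },
    { "C:\\Program Files\\Dell\\PPO", "ati.dll",        true  },
    { "C:\\Windows\\System32",        "kernel32.dll",   true  },
    /* atiadlxx.dll is absent from the application directory by default;
     * this constructed copy sits in a directory that appears on PATH. */
    { "C:\\Users\\Public\\tools",     "atiadlxx.dll",   false },
};

/* Constructed environment for the demonstration. */
const char  *demo_app_dir     = "C:\\Program Files\\Dell\\PPO";
const char  *demo_path_dirs[] = { "C:\\Windows\\System32", "C:\\Users\\Public\\tools" };
const size_t demo_path_len    = 2;

static const struct file_entry *find_in_dir(const char *dir, const char *name)
{
    for (size_t i = 0; i < sizeof fs / sizeof fs[0]; i++)
        if (strcmp(fs[i].dir, dir) == 0 && strcmp(fs[i].name, name) == 0)
            return &fs[i];
    return NULL;
}

/* Legacy behaviour: application directory first, then each PATH entry in
 * order. The first match wins and the signature is never examined.
 * Returns the directory the DLL would be loaded from, or NULL if none. */
const char *resolve_dll_legacy(const char *app_dir, const char **path_dirs,
                               size_t n_path, const char *name)
{
    const struct file_entry *e = find_in_dir(app_dir, name);
    if (e)
        return e->dir;
    for (size_t i = 0; i < n_path; i++) {
        e = find_in_dir(path_dirs[i], name);
        if (e)
            return e->dir;
    }
    return NULL;
}

/* Hardened behaviour: only the application directory is searched, and the
 * file must pass the signature check; anything else is refused. */
const char *resolve_dll_hardened(const char *app_dir, const char *name)
{
    const struct file_entry *e = find_in_dir(app_dir, name);
    if (!e || !e->signed_ok)
        return NULL;
    return e->dir;
}

static void report(const char *label, const char *dir)
{
    printf("%-22s %s\n", label, dir ? dir : "(not loaded)");
}

int main(void)
{
    report("legacy atiadlxx.dll:", resolve_dll_legacy(demo_app_dir, demo_path_dirs,
                                                      demo_path_len, "atiadlxx.dll"));
    report("hardened atiadlxx.dll:", resolve_dll_hardened(demo_app_dir, "atiadlxx.dll"));
    report("legacy ati.dll:", resolve_dll_legacy(demo_app_dir, demo_path_dirs,
                                                 demo_path_len, "ati.dll"));
    return 0;
}
```

With the constructed layout the legacy resolver hands back the unsigned copy from the PATH directory, while the hardened resolver refuses to load atiadlxx.dll at all because it is not in the application directory. The same split is what a reviewer should look for in real loader code: a bare library name passed to the loader, and no signature or path restriction before the load.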

A patch has been released by Dell. Versions from v4.0 onwards aren’t vulnerable.

All affected parties are urged to update as soon as possible.

Milena Dimitrova


An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
