Super_Spartan, posted May 1, 2020 (edited May 1, 2020 by Super_Spartan): Just saw this on the Dell website under the Alienware Area-51m Laptop Drivers: Dell Security Advisory Update - DSA-2020-059. Quote: "Fixes & Enhancements: This update addresses the Dell Security Advisory DSA-2020-059." Any idea what this is?
NewbyUser (ESET Insiders), posted May 1, 2020 (edited May 1, 2020 by NewbyUser): https://www.dell.com/support/article/en-us/sln321036/dsa-2020-059-dell-os-recovery-image-insecure-inherited-permissions-vulnerability?lang=en Seems to be addressing this: https://www.dell.com/support/article/en-us/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776?lang=en Either they're slow to patch it or it wasn't fully addressed in prior patching. Or, likely, they are adding the patch to the restore image, so it would be one less thing to address should a restore be needed. Summary: Dell Windows 10 recovery images require an update to address an insecure inherited permissions vulnerability.
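The advisory linked above describes the problem as insecure inherited permissions on the recovery image. An added example (not from this thread, and not Dell's own tooling) of the kind of check a defender can run on any folder tree: it lists ACEs that grant write-class rights to low-privileged principals and flags whether each ACE was inherited from a parent folder. The path is a placeholder assumption; point it at the folder you want to audit.

```powershell
# Added example (not from the thread or from Dell): audit a folder tree for
# ACEs that give write-class rights to low-privileged principals, and report
# whether each one is inherited from the parent folder.
# The path below is a placeholder; point it at the folder to be checked.
param(
    [string]$Root = 'C:\PLACEHOLDER\RecoveryImage'
)

# Rights that would let a non-admin replace or tamper with image files.
$writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl -bor
             [System.Security.AccessControl.FileSystemRights]::WriteData -bor
             [System.Security.AccessControl.FileSystemRights]::AppendData -bor
             [System.Security.AccessControl.FileSystemRights]::Delete

# Principals that should not normally hold write rights on a recovery image.
$lowPriv = @('BUILTIN\Users', 'Everyone',
             'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

# The root folder itself plus everything beneath it (hidden items included).
$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPriv -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $item.FullName
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited   # True = propagated from a parent folder
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    "No write-class ACEs for low-privileged principals found under $Root"
}
```

Inherited entries point at the parent folder's ACL as the place to fix; explicit entries belong to the item itself.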
itman, posted May 1, 2020: Actually this sort of thing applies to any recovery image regardless of how it was created. If the image creation precedes the Win 10 patch of the vulnerability, restoring that image recreates the vulnerability. Neat how Dell appears to have the capability to patch their built-in recovery partition image backup.
NewbyUser (ESET Insiders), posted May 1, 2020: 33 minutes ago, itman said: "Actually this sort of thing applies to any recovery image regardless of how it was created. If the image creation precedes the Win 10 patch of the vulnerability, restoring that image recreates the vulnerability. Neat how Dell appears to have the capability to patch their built-in recovery partition image backup." Yeah, hard to say what they actually did lol. Did they update the image itself to apply patches in the image? lol Or did they update the actual restore process itself? That seems unlikely, as restoring typically occurs outside Windows and is a bit-by-bit overwrite, so I doubt permissions are needed. It's not a very informative update summary, so it's hard to say what they actually changed.
NewbyUser (ESET Insiders), posted May 1, 2020: After some more thought, they could possibly be updating the permissions in the process itself. There are some not widely disclosed vulnerabilities in the Computrace application. This is one of the reasons I think ESET and Kaspersky started UEFI scanning, i.e. LoJax or LoJack, depending on which naming scheme. That's a bit above my understanding though. Perhaps itman could elaborate more on that aspect.
itman, posted May 1, 2020: In regards to CVE-2020-5343, it's an undisclosed vulnerability. In other words, Dell is keeping whatever it is out of the public realm. Ref.: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5343
NewbyUser (ESET Insiders), posted May 1, 2020 (edited May 1, 2020 by NewbyUser): 37 minutes ago, itman said: "In regards to CVE-2020-5343, it's an undisclosed vulnerability. In other words, Dell is keeping whatever it is out of the public realm. Ref.: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5343" Lol, it isn't Dell keeping it out of the public realm. Think more along the lines of Five Eyes. And NO, it's not a big brother spying issue. It's a security issue; governments use a lot of Dells lol. Until most if not all are patched, they likely won't be disclosed publicly.