Posted (edited)

Just saw this on the Dell website under the Alienware Area-51m Laptop Drivers: Dell Security Advisory Update - DSA-2020-059

Quote

Fixes & Enhancements
This update addresses the Dell Security Advisory DSA-2020-059.

Any idea what this is?

Edited by Super_Spartan
  • ESET Insiders
Posted (edited)

https://www.dell.com/support/article/en-us/sln321036/dsa-2020-059-dell-os-recovery-image-insecure-inherited-permissions-vulnerability?lang=en
Seems to be addressing this https://www.dell.com/support/article/en-us/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776?lang=en

Either they're slow to patch it or it wasn't fully addressed in prior patching.

Or, likely adding the patch to the restore image, so it would be one less thing to have to address should restore be needed.

Summary:

Dell Windows 10 recovery images require an update to address an insecure inherited permissions vulnerability.

Edited by NewbyUser
Posted

Actually this sort of thing applies to any recovery image regardless of how it was created. If the image creation precedes the Win 10 patch of the vulnerability, restoring that image recreates the vulnerability.

Neat how Dell appears to have the capability to patch their built-in recovery partition image backup.
  • ESET Insiders
Posted
33 minutes ago, itman said:

Actually this sort of thing applies to any recovery image regardless of how it was created. If the image creation precedes the Win 10 patch of the vulnerability, restoring that image recreates the vulnerability.

Neat how Dell appears to have the capability to patch their built-in recovery partition image backup.

Yeah, hard to say what they actually did lol. Did they update the image itself to apply patches in the image? Lol, or did they update the actual restore process itself? That seems unlikely, as restoring typically occurs outside Windows and is a bit-by-bit overwrite, so I doubt permissions are needed. It's not a very informative update summary, so it's hard to say what they actually changed.


  • ESET Insiders
Posted

After some more thought, they could possibly be updating the permissions in the process itself. There are some not widely disclosed vulnerabilities in the Computrace application. This is one of the reasons I think ESET and Kaspersky started UEFI scanning, i.e. LoJax or LoJack, depending on which naming scheme. That's a bit above my understanding though. Perhaps itman could elaborate more on that aspect.

  • ESET Insiders
Posted (edited)
37 minutes ago, itman said:

In regards to CVE-2020-5343, it's an undisclosed vulnerability. In other words, Dell is keeping whatever it is out of the public realm.

Ref.: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5343

Lol, it isn't Dell keeping it out of the public realm. Think more along the lines of 5 Eyes.

And NO, it's not a big brother spying issue. It's a security issue. Governments use a lot of Dells lol. Until most if not all are patched they likely won't be disclosed publicly.

Edited by NewbyUser