Dell Security Advisory Update?

[Super_Spartan 56]

Just saw this on the Dell website under the Alienware Area-51m Laptop Drivers: Dell Security Advisory Update - DSA-2020-059

Quote

Fixes & Enhancements
This update addresses the Dell Security Advisory DSA-2020-059.

Any idea what is this?

Edited May 1, 2020 by Super_Spartan

[NewbyUser 73]

https://www.dell.com/support/article/en-us/sln321036/dsa-2020-059-dell-os-recovery-image-insecure-inherited-permissions-vulnerability?lang=en

 

Seems to be addressing this https://www.dell.com/support/article/en-us/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776?lang=en

 

Either they're slow to patch it or it wasn't fully addressed in prior patching

Or, likely adding the patch to the restore image, so it would be one less thing to have to address should restore be needed.

Summary:

Dell Windows 10 recovery images require an update to address an insecure inherited permissions vulnerability.

Edited May 1, 2020 by NewbyUser

[itman 1,659]

Actually this sort of thing applies to any recover image regardless of how it was created. If the image creation precedes the Win 10 patch of the vulnerability, restoring that image recreates the vulnerability.

Neat how Dell appears to have the capability to patch their built-in recovery partition image backup.

 

[NewbyUser 73]

33 minutes ago, itman said:

Actually this sort of thing applies to any recover image regardless of how it was created. If the image creation precedes the Win 10 patch of the vulnerability, restoring that image recreates the vulnerability.

Neat how Dell appears to have the capability to patch their built-in recovery partition image backup.

Yeaa, Hard to say what they actually did lol. Did they update the image itself to apply patches in the image? Iol or did they update the actual restore process itself? That seems unlikely as restoring typically occurs outside windows and is a bit by bit overwrite so I doubt permissions are needed. It's not a very informative update summary, so it's hard to say what they actually changed.  

33 minutes ago, itman said:

 

 

[NewbyUser 73]

After some more thought, they could possibly be updating the permissions in the process itself. There are some not widely disclosed vulnerabilities in the Computrace application. This is one of the reasons  I think Eset and Kaspersky started UEFI scanning, ie Lojax or Lojack, depending on which naming scheme. That's a bit above my understanding though. Perhaps itman could elaborate more  on that aspect.

[itman 1,659]

In regards to CVE-2020-5343, it's an undisclosed vulnerability. In other words, Dell is keeping whatever it is out of the public realm.

Ref.: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5343

[NewbyUser 73]

37 minutes ago, itman said:

In regards to CVE-2020-5343, it's an undisclosed vulnerability. In other words, Dell is keeping whatever it is out of the public realm.

Ref.: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5343

Lol, It isn't Dell keeping it out of the public realm. Think more along the lines of 5 Eyes.

 

And NO, it's not a big brother spying issue. It's a security issue, Governments use a lot of Dells lol. Until most if not all are patched they likely won''t be disclosed publicly.

Edited May 1, 2020 by NewbyUser