Super_Spartan

Dell Security Advisory Update?


https://www.dell.com/support/article/en-us/sln321036/dsa-2020-059-dell-os-recovery-image-insecure-inherited-permissions-vulnerability?lang=en

Seems to be addressing this: https://www.dell.com/support/article/en-us/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776?lang=en

Either they're slow to patch it, or it wasn't fully addressed in prior patching.

Or, likely, they're adding the patch to the restore image, so it would be one less thing to have to address should a restore be needed.

Summary:

Dell Windows 10 recovery images require an update to address an insecure inherited permissions vulnerability.

Actually, this sort of thing applies to any recovery image regardless of how it was created. If the image creation precedes the Win 10 patch of the vulnerability, restoring that image recreates the vulnerability.

Neat how Dell appears to have the capability to patch their built-in recovery partition image backup.

33 minutes ago, itman said:

Actually, this sort of thing applies to any recovery image regardless of how it was created. If the image creation precedes the Win 10 patch of the vulnerability, restoring that image recreates the vulnerability.

Neat how Dell appears to have the capability to patch their built-in recovery partition image backup.

Yeah, hard to say what they actually did, lol. Did they update the image itself to apply patches in the image? Lol. Or did they update the actual restore process itself? That seems unlikely, as restoring typically occurs outside Windows and is a bit-by-bit overwrite, so I doubt permissions are needed. It's not a very informative update summary, so it's hard to say what they actually changed.

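The check a practitioner would want after a restore, whichever of the two things Dell changed: enumerate the ACEs on the restored tree that give write-class rights to principals every local user belongs to, and show whether each one is inherited. This is an added example, not code from this thread or from Dell's advisory; the advisory summary quoted above does not name the affected path, so the root directory, depth and the list of "broad" principals below are assumptions to adjust for your own system.

```powershell
# Added example, not from this thread or from Dell's advisory. Lists Allow ACEs
# that grant write-class rights to broad principals under a directory tree and
# reports whether each ACE is inherited, so a freshly restored system can be
# checked for the class of issue the advisory summary describes
# ("insecure inherited permissions"). Requires PowerShell 5.0+ for -Depth.
# The root path is an assumption: the advisory text on this page does not name
# the affected location, so point it at whatever you want to audit.

function Find-BroadWriteAces {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]$Root,
        [int]$Depth = 3,
        # Principals that any interactive local user falls under. Assumed list.
        [string[]]$BroadPrincipals = @(
            'Everyone',
            'BUILTIN\Users',
            'NT AUTHORITY\Authenticated Users',
            'NT AUTHORITY\INTERACTIVE'
        )
    )

    # Rights that let the holder change content, metadata or the ACL itself.
    $risky = [System.Security.AccessControl.FileSystemRights](
        'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, ' +
        'Delete, ChangePermissions, TakeOwnership, Write, Modify, FullControl')

    $targets  = @(Get-Item -LiteralPath $Root -ErrorAction Stop)
    $targets += @(Get-ChildItem -LiteralPath $Root -Recurse -Depth $Depth -ErrorAction SilentlyContinue)

    foreach ($item in $targets) {
        try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Verbose "Skipping $($item.FullName): $_"; continue }

        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
            if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            # -band on the underlying Int32 also catches generic-rights values
            # (GENERIC_ALL/GENERIC_WRITE) that do not round-trip through enum names.
            if (([int]$ace.FileSystemRights -band [int]$risky) -eq 0) { continue }

            [pscustomobject]@{
                Path       = $item.FullName
                Identity   = $ace.IdentityReference.Value
                Rights     = $ace.FileSystemRights
                Inherited  = $ace.IsInherited
                Propagates = $ace.InheritanceFlags
            }
        }
    }
}

# Usage (assumed path; run from an elevated prompt so every ACL is readable):
# Find-BroadWriteAces -Root 'C:\Dell' -Depth 4 | Format-Table -AutoSize
```

An entry with Inherited = True is the case the advisory title points at: the grant was not set on that file or folder itself but flows down from a parent, so fixing it means correcting the parent (or breaking inheritance there), not the leaf. Run the same audit before and after applying Dell's updated recovery image, or against a system restored from an older image, and diff the two result sets.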

After some more thought, they could possibly be updating the permissions in the process itself. There are some not widely disclosed vulnerabilities in the Computrace application. This is one of the reasons I think Eset and Kaspersky started UEFI scanning, i.e. LoJax or LoJack, depending on which naming scheme. That's a bit above my understanding though. Perhaps itman could elaborate more on that aspect.

37 minutes ago, itman said:

In regard to CVE-2020-5343, it's an undisclosed vulnerability. In other words, Dell is keeping whatever it is out of the public realm.

Ref.: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5343

Lol, it isn't Dell keeping it out of the public realm. Think more along the lines of Five Eyes.

And NO, it's not a big brother spying issue. It's a security issue. Governments use a lot of Dells, lol. Until most, if not all, are patched, they likely won't be disclosed publicly.
