メイン コンテンツに進む
  • すばやく簡単にご注文が可能
  • 注文内容の表示、配送状況をトラック
  • 会員限定の特典や割引のご利用
  • 製品リストの作成とアクセスが可能

DSA-2019-088: Dell SupportAssist Security Update for Improper Privilege Management Vulnerability

概要: Security Update for the DSA-2019-088: Dell SupportAssist Improper Privilege Management Vulnerability

この記事は次に適用されます: この記事は次には適用されません: この記事は、特定の製品に関連付けられていません。 すべての製品パージョンがこの記事に記載されているわけではありません。

現象

DSA-2019-088: Dell SupportAssist Security Update for Improper Privilege Management Vulnerability

DSA Identifier: DSA-2019-088

CVE Identifier: CVE-2019-3735

Severity: High

 

Severity Rating: CVSS Base Score: 7.0 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

 

Affected Products: 

Dell SupportAssist for Business PCs version 2.0

Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1

 

Summary: 

Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs has been updated to address a vulnerability, which may be potentially exploited to compromise the system.

 

Details: 

Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, and 3.2.1 contain an Improper Privilege Management Vulnerability. A malicious local user can exploit this vulnerability by inheriting a system thread using a leaked thread handle to gain system privileges on the affected machine.

 

Resolution: 

The following Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs release contains a resolution to this vulnerability:

  • Dell SupportAssist for Business PCs version 2.0.1
  • Dell SupportAssist for Home PCs version 3.2.2

                                                                                                                         

Dell recommends all customers upgrade at the earliest opportunity.

 

Method 1: Auto Update

All versions of SupportAssist automatically upgrade to the latest version available, if automatic updates are enabled. Customers can also manually check and upgrade SupportAssist.

 

Method 2: Manual Update

Steps for a manual update of SupportAssist for Home PCs:

  1. Open SupportAssist.
  2. On the top-right corner of the SupportAssist window, click the settings icon, and then click ‘About SupportAssist’. SupportAssist will automatically check if a newer version of SupportAssist is available.
  • If no update is available, a message indicating that the latest version of SupportAssist is installed is displayed.
  • If a newer version of SupportAssist is available, the ‘Update Now’ link is displayed.
  1. Upon clicking Update Now, the latest version of SupportAssist is downloaded and installed on the system.

 

SLN317453_en_US__1icon NOTE: For the manual update of SupportAssist for Business PCs, download and extract the SupportAssist installer package. Refer to Dell SupportAssist for PCs and Tablets Deployment Guide for Managing Business Systems for deployment instructions.

 

Please visit https://www.dell.com/support/home?app=drivers for updates on the applicable products.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS and firmware updates automatically once available.



Credit:

Dell would like to thank Bill Demirkapi for reporting this vulnerability.

Severity Rating: 

For an explanation of Severity Ratings, refer to Dell Vulnerability Response Policy. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.

Legal Information:

Dell recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

原因

 

解決方法

 
文書のプロパティ
文書番号: 000140048
文書の種類: Solution
最終更新: 13 4月 2021
バージョン:  3
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。