Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

Dell Endpoint Security Suite Enterprise and Dell Threat Defense Escalation of Privileges Vulnerability

Summary: This article outlines vulnerabilities that Cylance PROTECT (Dell’s vendor for Advanced Threat Prevention found in Dell Endpoint Security Suite Enterprise and Threat Defense) disclosed in May 2018. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Symptoms

Note:

Affected Products:

  • Dell Endpoint Security Suite Enterprise
  • Dell Threat Defense

Cause

Not Applicable

Resolution

When the Advanced Threat Prevention agent makes a connection to the Update Service that an https connection is initiated, which prompts the ATP agent to validate that the certificate being used does come from a trusted source. The agent should also check to ensure a valid, Trusted Root CA signed the certificate. Before v1481 for Dell Endpoint Security Suite Enterprise, and v1482 for Dell Threat Defense, the Agent did not properly validate the Root CA. This could be used for a Man in the Middle attack to push a file down to the agent. However, as a secondary precaution, the Agent only accepts update packages with an identical hash to what is expected.

The impact to customers is minimal, as there are secondary checks in place to assure that no fraudulent packages can be added to the Advanced Threat Prevention agent. Any update not having the expected hash is rejected before being opened.

Agent v1481.90 for Dell Endpoint Security Suite Enterprise, and v1482.90 for Dell Threat Defense has changed the setting to require validation of the entire certificate chain. Dell Technologies recommends updating all Agents to the latest version to ensure the latest protection and prevention available.

Customers leveraging Dell Endpoint Security Suite Enterprise can enable autoupdate using their Dell Security Management Server’s WebUI to receive this update and it to be applied to all their endpoints, reference Endpoint Security Suite Enterprise Advanced Installation Guide v1.8 for instructions.

Note: If you cannot enable autoupdate, then an offline update package can be requested from Dell ProSupport.

Dell Threat Defense customers can enable updates for their devices by following the items that are outlined under Settings > Configure Updates in this knowledge base article here:

How To Manage Dell Threat Defense

A vertical privilege escalation attack has been identified within Dell Endpoint Security Suite Enterprise and Dell Threat Defense. An iterative approach is being taken to resolve this vulnerability. Dell is working with its partners to ensure that a fix version is available as quickly as possible.

A privilege escalation attack can allow a malicious party access to protected resources if they gain access to the computer. This type of attack requires a malicious user to have access to the device.

Customers leveraging Dell Endpoint Security Suite Enterprise can enable autoupdate using their Dell Security Management Server’s WebUI to receive this update and it to be applied to all their endpoints, reference Dell Endpoint Security Suite Enterprise Advanced Installation Guide v1.8 for instructions.

Note: If you cannot enable autoupdate, then an offline update package can be requested from Dell ProSupport.

Dell Threat Defense customers can enable updates for their devices by following the items that are outlined under Settings > Configure Updates in this knowledge base article here:

How To Manage Dell Threat Defense

More information can be found here:

https://www.atredis.com/blog/cylance-privilege-escalation-vulnerability This hyperlink is taking you to a website outside of Dell Technologies.


To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Affected Products

Dell Threat Defense, Dell Endpoint Security Suite Enterprise
Article Properties
Article Number: 000131222
Article Type: Solution
Last Modified: 18 Jun 2024
Version:  10
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.