Batu69 Posted June 14, 2016 Share Posted June 14, 2016 Malicious DLL can lead to pwnage Another vulnerability has emerged in Samsung's Software Updater (SW Update) service – this time giving an attacker potential “full control” over a system. Announced by German consultants Blue Frost Security, the vulnerability could be exploited to give an attacker full control over a victim's machine. To exploit the vulnerability, posted to Full Disclosure, the attacker needs authenticated access to the target machine, so they can drop a crafted DLL into the SW Update directory. That's because SW Service allows any authenticated user to write to the C:\ProgramData\Samsung\SW Update Service\ directory. On the next restart, the advisory states, the crafted DLL will run and the attacker will have full control of the target. Sysadmins should update to SW Update version 2.2.7.24, or if they can't, they should change the permissions on affected machines so users can't write to the SW Update directory. Back in March, the same service was found to be vulnerable to a man-in-the-middle attack. PC vendors' OEM software has been under the spotlight since May, when Lenovo, Acer, Asus, Dell and HP were spanked over what Duo Security called “vendor-incentivized crapware”. Article source Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.