Update your buggy Samsung PC bloatware to plug privilege bug

Malicious DLL can lead to pwnage

Another vulnerability has emerged in Samsung's Software Updater (SW Update) service – this time giving an attacker potential “full control” over a system.

Announced by German consultants Blue Frost Security, the vulnerability could be exploited to give an attacker full control over a victim's machine.

To exploit the vulnerability, posted to Full Disclosure, the attacker needs authenticated access to the target machine, so they can drop a crafted DLL into the SW Update directory.

That's because SW Service allows any authenticated user to write to the C:\ProgramData\Samsung\SW Update Service\ directory.

On the next restart, the advisory states, the crafted DLL will run and the attacker will have full control of the target.

Sysadmins should update to SW Update version 2.2.7.24, or if they can't, they should change the permissions on affected machines so users can't write to the SW Update directory.

Back in March, the same service was found to be vulnerable to a man-in-the-middle attack.

PC vendors' OEM software has been under the spotlight since May, when Lenovo, Acer, Asus, Dell and HP were spanked over what Duo Security called “vendor-incentivized crapware”. ®

Sponsored: Detecting cyber attacks as a small to medium business

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER




Biting the hand that feeds IT © 1998–2020