Malicious DLL can lead to pwnage
Another vulnerability has emerged in Samsung’s Software Updater (SW Update) service – this time giving an attacker potential “full control” over a system.
Announced by German consultants Blue Frost Security, the vulnerability could be exploited to give an attacker full control over a victim’s machine.

To exploit the vulnerability, posted to Full Disclosure, the attacker needs authenticated access to the target machine, so they can drop a crafted DLL into the SW Update directory.
That’s because SW Service allows any authenticated user to write to the C:\ProgramData\Samsung\SW Update Service\ directory.
On the next restart, the advisory states, the crafted DLL will run and the attacker will have full control of the target.
Sysadmins should update to SW Update version 2.2.7.24, or if they can’t, they should change the permissions on affected machines so users can’t write to the SW Update directory.
Back in March, the same service was found to be vulnerable to a man-in-the-middle attack.
PC vendors’ OEM software has been under the spotlight since May, when Lenovo, Acer, Asus, Dell and HP were spanked over what Duo Security called “vendor-incentivized crapware”. ®
Sponsored: Rise of the machines

Leave a Reply