CVE-2025-36612
📋 TL;DR
Dell SupportAssist for Business PCs versions 4.5.3 and earlier contain an incorrect privilege assignment vulnerability (CWE-266). A local attacker with low privileges can exploit this to elevate their privileges on the system. This affects all systems running vulnerable versions of Dell SupportAssist for Business PCs.
💻 Affected Systems
- Dell SupportAssist for Business PCs
⚠️ Risk & Real-World Impact
Worst Case
An attacker gains full administrative control over the system, enabling installation of malware, data theft, persistence mechanisms, and lateral movement within the network.
Likely Case
Local user or malware with limited privileges escalates to SYSTEM/administrator level to bypass security controls, install additional payloads, or access protected resources.
If Mitigated
With proper privilege separation and application control, impact is limited to the compromised user account without system-wide compromise.
🎯 Exploit Status
Exploitation requires local access and a low-privileged user account. The vulnerability involves incorrect privilege assignment rather than a memory corruption issue.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 4.5.4 or later
Restart Required: No
Instructions:
1. Open the Dell SupportAssist application.
2. Check for updates in settings.
3. Install available updates.
4. Alternatively, download the latest version from Dell's official website and install it.
🔧 Temporary Workarounds
Uninstall SupportAssist
Windows: Remove vulnerable software entirely if not required
Control Panel > Programs > Uninstall a program > Select Dell SupportAssist > Uninstall
Restrict Local Access
All: Limit physical and remote local access to vulnerable systems
🧯 If You Can't Patch
- Implement strict application control policies to prevent unauthorized privilege escalation attempts
- Enforce principle of least privilege for all user accounts and monitor for unusual privilege escalation activities
🔍 How to Verify
Check if Vulnerable:
Check Dell SupportAssist version in Control Panel > Programs or via the application's about/settings section
Check Version:
wmic product where "name like 'Dell SupportAssist%'" get name,version
Verify Fix Applied:
Verify installed version is 4.5.4 or later and check for any privilege escalation attempts in security logs
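An added example (not from the advisory or from Dell) that automates the version check above without `wmic`, which is deprecated on current Windows releases and whose `product` query triggers a Windows Installer consistency check on every installed package. It assumes the installed display name starts with "Dell SupportAssist"; the 4.5.4 threshold is the fixed version stated above.

```powershell
# Added example: inventory check for CVE-2025-36612 (fixed in 4.5.4 per the advisory).
# Assumption: the product's DisplayName begins with "Dell SupportAssist".
$FixedVersion = [version]'4.5.4'
$NamePattern  = 'Dell SupportAssist*'   # assumed display-name prefix

# Read the machine-wide uninstall keys (64-bit and 32-bit views) instead of Win32_Product.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-SupportAssistStatus {
    param(
        [version]$Fixed  = $FixedVersion,
        [string]$Pattern = $NamePattern
    )

    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern } |
        ForEach-Object {
            $parsed = $null
            # DisplayVersion may be missing or non-numeric: report "Unknown", never "Fixed".
            $ok = [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)
            $status = if (-not $ok) { 'Unknown' } elseif ($parsed -lt $Fixed) { 'Vulnerable' } else { 'Fixed' }

            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Name     = $_.DisplayName
                Version  = $_.DisplayVersion
                Status   = $status
            }
        }
}

$results = @(Get-SupportAssistStatus)
if ($results.Count -eq 0) {
    'No matching SupportAssist install found.'
} else {
    $results | Format-Table -AutoSize
}
```

Builds such as 4.5.3.x compare as lower than 4.5.4 and are reported as `Vulnerable`; 4.5.4 and 4.5.4.x are reported as `Fixed`.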
📡 Detection & Monitoring
Log Indicators:
- Windows Security Event ID 4688 (process creation) showing SupportAssist processes with elevated privileges
- Unexpected privilege escalation events in application logs
Network Indicators:
- Unusual outbound connections from SupportAssist processes post-exploitation
SIEM Query:
source="windows_security" event_id=4688 process_name="*SupportAssist*" AND integrity_level_change