This issue affects all Windows operating systems with a supported revision of the BIOS (starting with version 1.0) and is addressed in the latest Dell BIOS releases. To be protected against this vulnerability, upgrade to the latest BIOS version. A patch has been released by Dell, which can be installed via the Dell update utility or manually downloaded from the Dell website.
Collaborative Software
A vulnerability has been identified within Dell's Collaborative Application. A local authenticated malicious user may potentially exploit this vulnerability by installing a malicious software package.

Dell has released a patch to address this vulnerability. The patch can be downloaded from the Dell website.

Microsoft Windows
A vulnerability has been identified within Microsoft Windows which may allow a local authenticated malicious user to potentially escalate privileges within the operating system.
A local authenticated malicious user may potentially exploit this vulnerability by creating a malicious software package.
Microsoft has released a patch addressing this vulnerability. The patch can be downloaded from the Microsoft website.

A vulnerability has been identified within Microsoft Windows which may allow a local authenticated malicious user to potentially escalate privileges within the operating system.
A local authenticated malicious user may potentially exploit this vulnerability by creating a malicious software package.

References ref name="CONTRIB/ID"

The vulnerabilities are from CVE-2022-32486, CVE-2018-0982, CVE-2018-1036, and CVE-2018-1040.

Collaborative Software
A vulnerability has been identified within Dell's Collaborative Application. A local authenticated malicious user may potentially exploit this vulnerability by installing a malicious software package.
Dell has released a patch to address this vulnerability. The patch can be downloaded from the Dell website.

Scenario

When a malicious software package is created, it may be possible for the user to escalate privileges within the operating system. On Windows 7, this vulnerability could potentially be exploited by creating a malicious software package and installing it on the target system.

Windows-Specific Configuration Steps

To protect against this vulnerability, Windows users will need to do the following:
1. Download and install the latest version of the Microsoft Malicious Software Removal Tool from the Microsoft Security website.
2. Run the tool to check for any malicious software packages on your computer and remove them if found.
3. Configure Windows updates so that it will automatically download and install patches for vulnerabilities (including this one).
4. Install an updated version of Dell's BIOS from their website or through their update utility (if you are running a supported BIOS revision).

Timeline

Published on: 10/11/2022 17:15:00 UTC
Last modified on: 10/14/2022 03:25:00 UTC

References