Dell Precision Optimizer and Invincea

Cisco Talos researcher Marcin Noga discovered three vulnerabilities in pre-installed Dell software. The first, CVE-2016-9038, is a privilege escalation vulnerability that exists in the SboxDrv.sys driver in Invincea-X and Dell Protected Workspace version 6.1.3-24058. Successful exploitation could allow a local threat actor to cause kernel memory corruption resulting in privilege escalation via a specially crafted application. There is currently no patch for CVE-2016-9038. The second, CVE-2016-8732, is a security bypass vulnerability that exists in the InvProtectDrv.sys driver in Invincea and Dell Protected Workspace version 5.1.1-22303. Successful exploitation could allow a threat actor to turn off some security functionality via a malicious application due to the weak permissions on the driver communication channel. This vulnerability is patched in the 6.3.0 release. The third, CVE-2017-2802, is a privilege escalation vulnerability that exists in the poaService.exe service component in Dell Precision Optimizer version 3.5.5.0. Successful exploitation could allow a local threat actor to elevate privileges via a malicious DLL file. This vulnerability is patched in versions 4.0 and up. The NJCCIC recommends all users and administrators of the affected software review the Cisco Talos vulnerability report, immediately apply any available updates, and uninstall any unused or unnecessary software.