219 Posts
0
2372
Realtek HD Audio Driver Security Vulnerability CVE-2019-19705
Hello. I wish there was a Security Software section of this Dell forum where I can report this.
Earlier this year in 2020, Realtek posted this vulnerability report on their web site concerning Realtek HD Audio drivers for Windows.
There's also this report from SafeBreach about the potential security vulnerability with the Realtek audio drivers.
I think Dell needs to be aware of this issue and perhaps get in touch with Realtek to obtain updated Realtek audio drivers for affected Dell computers using Windows 10.
DELL-Chris M
Community Manager
Community Manager
•
54.2K Posts
0
April 29th, 2020 04:00
Dell is aware of this Realtek security vulnerability (CVE-2019-19705). We are working with our suppliers to understand the impact and will communicate any necessary security updates or mitigations as they become available on our Security Advisories and Notices website. Because most of these updates apply to Windows 10, posting in this board is applicable. The Virus & Spyware board could also be applicable.
erpster05
219 Posts
0
April 27th, 2020 06:00
A follow up on this:
There are updated Realtek HD Audio drivers that Dell released this April 2020 like the following which resolve the security vulnerability:
version 6.0.8895.1 A23 - DriverID: 88xxx (for business class machines like Latitude 5285/5290/7285 2-in-1 laptops)
version 6.0.8895.1 A16 - DriverID: mm88c (for consumer class machines like Inspiron 15 5566, Vostro 15 3568, XPS 15 9560, etc.)
though it would be great if Dell would add a description in the Fixes & Enhancements section of those driver download pages that these new realtek audio drivers resolve the security vulnerability which may lead to DLL preloading and reference CVE-2019-19705.
Slightly older Dell machines like Inspiron 15 5565, Optiplex 3050/5050/7050, Optiplex 7450 AIO, Precision 5820/7820/7920 Tower PCs, ChengMing 3967/3977 & Latitude 5490/5590/7290/7390/7490 laptops need updated Realtek audio drivers like the 8895 versions being offered to fix the security problem.
olavrb
2 Posts
0
April 28th, 2020 00:00
There is a dedicated email address to report security related events to Dell. I emailed them about this vulnerability 12th of february. They said they are looking at publishing a fix in the end of may.
I also contacted HP and Lenovo at around the same time. HP published a security bulletine on 24. april available here, while Lenovo published one 12. mars already, available here. Dell is lagging behind.