Dell SupportAssist Bug Exposes Business, Home PCs To Attacks

Dell published a security update to patch a flaw in its SupportAssist Client software that allows local attackers to execute arbitrary code with Administrator privileges on vulnerable computers.

According to Dell’s website, the SupportAssist software is “preinstalled on most of all new Dell devices running Windows operating system.”

SupportAssist also “proactively checks the health of your system’s hardware and software. When an issue is detected, the necessary system state information is sent to Dell for troubleshooting to begin,” BleepingComputer reported.


EXPERTS COMMENTS
James McQuiggan, Security Awareness Advocate, KnowBe4
February 12, 2020
It's important for consumers and organizations to patch not only Windows operating systems, but all software and firmware on the systems. Oftentimes, we hear about the Windows vulnerabilities, but there are times when systems are exploited because of a software or firmware update that wasn't patched. This is like having a leak in the roof -- you may not notice until it's too late when there is ....
Eoin Keary, CEO and Cofounder, Edgescan
February 11, 2020
Obviously patching of systems on a continuous basis is also key to any robust cyber security posture.
Agents such as SupportAssist have access to users' devices in an autonomous way in order to monitor both hardware and software. SupportAssist agent’s minimum requirements are administration access privileges. This level of privilege combined with a vulnerability associated with remote code execution (RCE) could easily become widespread and very disruptive, and could potentially affect millions ....
