Dell Advises PC Users to Update SupportAssist

Dell has released a security alert letting customers know that they should update SupportAssist for both business and home PCs.

The vulnerability was discovered by SafeBreach security researcher Peleg Hadar, who wrote that the OEM software vulnerability puts multiple laptops at risk.

PC-Doctor, which makes and maintains the software-repair tool, wrote that it had recently learned of the vulnerability, adding, “In our opinion, it would be very rare for one to have both permissions and the ability to exploit this vulnerability.

“To exploit this vulnerability, an administrative user or process would have to change the system’s PATH environment variable to include a folder writable by non-admin users, and craft a DLL that exploits PC-Doctor’s administrative privileges. It is not possible to exploit this vulnerability without modifying default Windows settings.”

“According to Dell’s website, SupportAssist is preinstalled on most of Dell devices running Windows. This means that as long as the software is not patched, the vulnerability affects millions of Dell PC users,” Hadar wrote.

The vulnerability in SupportAssist was originally reported on April 29, 2019. “In our initial exploration, we targeted the ‘Dell Hardware Support’ service based on the assumption [that] such a critical service would have high permission level access to the PC hardware as well as the capability to induce privilege escalation,” Hadar said.

If exploited, the vulnerability could let attackers load and execute malicious payloads through a signed service, which could also be abused for execution and evasion.

On May 28, Dell released the fixes that PC-Doctor provided for the affected versions of SupportAssist.

Noting that the PC-Doctor CVE-2019-12280 vulnerability received a high severity rating, Dell’s security advisory said, “The PC Doctor component in Dell SupportAssist for Business Systems and Dell SupportAssist for Home PCs has been updated. The vulnerability affects the Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2.”
