Cyber forensics course specialists report the presence of a new vulnerability in the SupportAssist tool, of the computer equipment manufacturer Dell; the reported flaw could allow threat actors to execute code with administrator privileges on exposed computers executing non-updated versions of this tool to take control of the victims’ systems.
Although the company released a patch to fix
this vulnerability last week, many users could remain exposed until Dell
notifies them directly about the update for the tool, used for debugging
processes, troubleshooting and some automatic updates for Dell.
Cyber forensics course specialists believe that
the number of potentially affected users is considerable, since SupportAssist
is a preinstalled tool on Dell systems with Windows
operating system; it should be noted that Dell computers sold without operating
system are not affected by this vulnerability.
The vulnerability, tracked as CVE-2019-3719, is a remote code
execution flaw that could allow an attacker to take control of a vulnerable device.
The attack consists on directing the victim to a malicious web site from which
the SupportAssist tool will be forced to download and execute files from a
hacker-controlled location.
According to cyber forensics course experts,
this tool runs as an administrator, so hackers might have access to specific
systems in case the attack succeeds.
Specialists from the International Institute of
Cyber Security (IICS) mention that this is a serious attack, because it does
not require user interaction to succeed; attackers only need to direct the user
to the malicious web site; in addition, the JavaScript code designed by the
attacker can be hidden in iframes of legitimate sites.
After the company launched the update patch,
the investigators who reported the vulnerability published an attack proof of concept
on GitHub, proving that it could be deployed relatively easily. The company
responded promptly to reports on the flaw and, after a couple of months of hard
work, the update is finally available for all Dell users.
