Network security experts from the firm SafeBreach reported a severe vulnerability in Dell manufacturer’s SupportAssist software. According to the report, the flaw affects not only the devices of this company, but other OEMs that use this software. Dell has just released a patch to fix the vulnerability, so users are advised to update as soon as possible.
The main function of this software is malware
protection; however, this is not the first time that vulnerabilities in
SupportAssits are discovered. Last April, network security specialists found a
flaw that allowed malicious actors to run remote code by abusing this software.
SupportAssist was supposed to update the
drivers through the Dell website, but instead it exposed users to various
malicious activities, such as sensitive information theft and code execution on
the compromised machine.
The first vulnerability found was quickly
corrected by the company, although the total number of affected users is still
unknown. The main drawback is that this software uses administrative rights by
default and, if SupportAssist is compromised, can provide extensive access to
the infected device. The last vulnerability found is also a privilege
escalation flaw.
In the report, network security experts mention
that threat actors attacked SupportAssist because of the critical hardware
access it has; “Hackers assumed that abusing a tool with broad access to
the targeted system could force a privilege escalation”, the experts
commented.
Specialists from the International Institute of
Cyber Security (IICS) comment that this software is pre-installed on multiple
Dell laptop models, so its potential scope is considerable. Other manufacturers
also use this software under the name PC-Doctor Toolbox.
Users of computer equipment that includes this
software must install the update patches, regardless of whether or not they use
this tool. Enabling the auto-update feature is also a good measure to mitigate
any vulnerability exploitation risks.
