Dell published a security update to patch a SupportAssist Client software flaw which enables potential local attackers to execute arbitrary code with Administrator privileges on vulnerable computers.
According to Dell’s website, the SupportAssist software is “preinstalled on most of all new Dell devices running Windows operating system.”
SupportAssist also “proactively checks the health of your system’s hardware and software. When an issue is detected, the necessary system state information is sent to Dell for troubleshooting to begin,” BleepingComputer reported.
It’s important for consumers and organizations to patch not only Windows operating systems, but all software and firmware on the systems. Oftentimes, we hear about the Windows vulnerabilities, but there are times when systems are exploited because of a software or firmware update that wasn’t patched.
This is like having a leak in the roof — you may not notice until it’s too late when there is a heavy rainstorm and water starts leaking through the roof and causing damage. When you have a system that’s not patched, you may not notice at first, but if a criminal attacker discovers the leak, they will exploit the weakness and try to take control of the system.
Patching should be a high priority action to harden and protect systems from being abused.
Agents such as SupportAssist have access to users’ devices in an autonomous way in order to monitor both hardware and software.
The SupportAssist agent’s minimum requirements are administration access privileges. This level of privilege combined with a vulnerability associated with remote code execution (RCE) could easily become widespread and very disruptive, and could potentially affect millions of PCs globally. In a corporate environment, I’d suggest removing SupportAssist from all machines. It does not provide much value to corporate users. The idea of having agents enabled on a computer, running with administration access which can send data outside the corporate network, is a risk that should be removed.
Obviously, patching of systems on a continuous basis is also key to any robust cyber security posture. If you have never used SupportAssist, I would advise users to remove it. The same rule stands for any software on your computer. The more “moving parts” there are, the more complex it becomes to secure the attack surface and the larger the risk becomes.