Dell SupportAssist Bug Exposes Business, Home PCs To Attacks

Dell published a security update to patch a SupportAssist Client software flaw which enables potential local attackers to execute arbitrary code with Administrator privileges on vulnerable computers.

According to Dell’s website, the SupportAssist software is “preinstalled on most of all new Dell devices running Windows operating system.”

SupportAssist also “proactively checks the health of your system’s hardware and software. When an issue is detected, the necessary system state information is sent to Dell for troubleshooting to begin,” BleepingComputer reported.

Subscribe
Notify of
guest

2 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
James McQuiggan
James McQuiggan , Security Awareness Advocate
InfoSec Expert
February 12, 2020 10:36 am

It\’s important for consumers and organizations to patch not only Windows operating systems, but all software and firmware on the systems. Often times, we hear about the Windows vulnerabilities, but there are times when systems are exploited because of a software or firmware update that wasn\’t patched.

This is like having a leak in the roof — you may not notice until it\’s too late when there is a heavy rain storm and water starts leaking through the roof and causing damage. When you have a system that\’s not patched, you may not notice at first, but if a criminal attacker discovers the leak, they will exploit the weakness and try to take control of the system.

Patching should be a high priority action to harden and protect systems from being abused.

Last edited 2 years ago by James McQuiggan
Eoin Keary
Eoin Keary , CEO and Cofounder
InfoSec Expert
February 11, 2020 3:12 pm

Agents such as SupportAssist have access to users device in an autonomous way in order to monitor both hardware and software.

SupportAssist agent’s minimum requirements are administration access privileges. This level of privilege combined with a vulnerability associated with remote code execution (RCE) could easily become widespread and very disruptive, and could potentially affects millions of PCs globally. In a corporate environment, I\’d suggest removing SupportAssist from all machines. It does not provide much value to corporate users. The idea of having agents enabled on a computer, running with administration access which can send data outside the corporate network, is a risk that should be removed.

Obviously patching of systems on a continuous basis is also key to any robust cyber security posture. If you have never used SupportAssist, I would advise users to remove it. The same rule stands for any software on your computer. With more \”moving parts\” there are, the more complex it become to secure the attack surface and the larger becomes the risk.

Last edited 2 years ago by Eoin Keary
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x