Dell SupportAssist Critical Vulnerability Allows for Remote Attacks
A critical vulnerability impacting Dell’s SupportAssist software could allow a remote attacker to execute code with admin privileges on impacted devices. SupportAssist is installed by default on all Dell laptops and PCs and may also be installed or updated when visiting Dell’s Support website.
To exploit the vulnerability an attacker could lure a target to a malicious web page which would then allow remote code to compromise the SupportAssist tool. Since the SupportAssist tool has admin privileges the attacker would then have full access into the system.
Steps Taken by Tier1Net
Tier1Net has identified all impacted devices within its customer networks and is deploying the patch which was recently released by Dell. The patch should run with no user intervention required.
Recommendation for Home Users
For home users with Dell PCs please visit this Tier1Net knowledgebase article for instructions on identifying whether SupportAssist is installed and in need of the update.