Mon. Nov 18th, 2019

Dell SupportAssist vulnerability let attackers gain complete control of a targeted system

2 min read

Dell SupportAssist has again a flaw. Software such as Support Assistant is mainly to help users automatically update drivers or contact technical support. Many manufacturers pre-install this type of software. The software itself has administrator privileges, so if it is used by hackers, it can be used to install malware, which will pose a very serious threat to users.

After the test, the researchers found that the Dell SupportAssist had an unknown vulnerability that could be exploited by an attacker to enforce malicious payloads. For example, an attacker exploits a vulnerability in the Dell SupportAssist to load and execute a malware payload through a signature service, which requires no user interaction.

When successfully executed, an attacker can use it to insert a virus or other malware, and then directly control the infected computer through a remote server. At the same time, the attacker can also bypass the driver signature and enforce it. This step can be used to obtain read and write access permission operations. However, no matter which method the attacker chooses, it will pose a serious threat to the user, so the user must upgrade to the latest version of the Dell SupportAssist in time.

There are millions of computers that Dell pre-installs with this assistant, so it is very dangerous if users don’t upgrade to the latest version and fix the vulnerability. Users such as Dell and Corsair are advised to immediately visit the manufacturer’s official website to obtain the latest version of the software. Of course, if you do not use the software, you can uninstall the software directly.

Via: safebreach