Vulnerability found in preinstalled tool on Dell computers allows remote access

Cyber forensics course specialists report a new vulnerability in SupportAssist, a tool from the computer equipment manufacturer Dell. The reported flaw could allow threat actors to execute code with administrator privileges on exposed computers running non-updated versions of this tool and take control of the victims’ systems.

Although the company released a patch to fix this vulnerability last week, many users could remain exposed until Dell notifies them directly about the update. The tool is used for debugging, troubleshooting and some automatic updates on Dell machines.

Cyber forensics course specialists believe that the number of potentially affected users is considerable, since SupportAssist comes preinstalled on Dell systems running the Windows operating system. Dell computers sold without an operating system are not affected by this vulnerability.

The vulnerability, tracked as CVE-2019-3719, is a remote code execution flaw that could allow an attacker to take control of a vulnerable device. The attack consists of directing the victim to a malicious web site, from which the SupportAssist tool is forced to download and execute files from a hacker-controlled location.

According to cyber forensics course experts, this tool runs as an administrator, so hackers could gain access to specific systems if the attack succeeds.

Specialists from the International Institute of Cyber Security (IICS) mention that this is a serious attack because it does not require user interaction to succeed: attackers only need to direct the user to the malicious web site. In addition, the JavaScript code designed by the attacker can be hidden in iframes of legitimate sites.

After the company released the update patch, the investigators who reported the vulnerability published a proof of concept of the attack on GitHub, proving that it could be deployed relatively easily. The company responded promptly to reports on the flaw and, after a couple of months of hard work, the update is finally available for all Dell users.