Network security experts from the firm SafeBreach reported a severe vulnerability in Dell manufacturer’s SupportAssist software. According to the report, the flaw affects not only the devices of this company, but other OEMs that use this software. Dell has just released a patch to fix the vulnerability, so users are advised to update as soon as possible.
The main function of this software is malware protection; however, this is not the first time that vulnerabilities in SupportAssits are discovered. Last April, network security specialists found a flaw that allowed malicious actors to run remote code by abusing this software.
SupportAssist was supposed to update the drivers through the Dell website, but instead it exposed users to various malicious activities, such as sensitive information theft and code execution on the compromised machine.
The first vulnerability found was quickly corrected by the company, although the total number of affected users is still unknown. The main drawback is that this software uses administrative rights by default and, if SupportAssist is compromised, can provide extensive access to the infected device. The last vulnerability found is also a privilege escalation flaw.
In the report, network security experts mention that threat actors attacked SupportAssist because of the critical hardware access it has; “Hackers assumed that abusing a tool with broad access to the targeted system could force a privilege escalation”, the experts commented.
Specialists from the International Institute of Cyber Security (IICS) comment that this software is pre-installed on multiple Dell laptop models, so its potential scope is considerable. Other manufacturers also use this software under the name PC-Doctor Toolbox.
Users of computer equipment that includes this software must install the update patches, regardless of whether or not they use this tool. Enabling the auto-update feature is also a good measure to mitigate any vulnerability exploitation risks.