Dell SupportAssist DLL Hijacking Vulnerability Audit

Find SupportAssist Installations Vulnerable to the New CVE-2019-12280 Vulnerability

Just shortly after the previous SupportAssist remote code execution vulnerability, a new vulnerability has been discovered and fixed in the pre-installed Dell SupportAssist software. Just like the previous SupportAssist vulnerability blog post, you can find all the details in our new SupportAssist DLL hijacking vulnerability blog post. The vulnerability is known as CVE-2019-12280.

This audit checks whether your computers have an outdated Dell SupportAssist installation or not. It provides you with a color-coded overview so you can easily identify which machines need to be updated as soon as possible.

Dell Support Assist CVE-2019-12280

Dell SupportAssist DLL Hijacking Vulnerability Query

Select Distinct Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tblSoftwareUni.softwareName As Software,
  tblSoftware.softwareVersion As Version,
  tblSoftwareUni.SoftwarePublisher As Publisher,
  Case
    When tblSoftwareUni.softwareName Like '%SupportAssist' And
      tblSoftware.softwareVersion < '3.2.2' Then 'Vulnerable'
    Else 'Safe'
  End As Vulnerable,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblSoftware.Lastchanged As SoftwareLastChanged,
  Case
    When tblSoftwareUni.softwareName Like '%SupportAssist' And
      tblSoftware.softwareVersion < '3.2.2' Then '#ffadad'
    Else '#d4f4be'
  End As backgroundcolor
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblSoftwareUni.softwareName Like '%SupportAssist' And tblState.Statename =
  'Active'
Order By tblAssets.IPAddress Desc

Audit and Take Action in 3 Easy Steps

Download-Install-Lansweeper

1. Download & Install Lansweeper

Save-and-Run-the-Report

3. Run the Audit & Take Action

Download Lansweeper to Run this Audit

Harness the Power of Reporting