Platform
- Platform
- Platform Overview
  All Technology Asset Intelligence in 1 place.
- Asset Discovery
  In-depth discovery across the technology estate.
- Asset Inventory
  All asset data unified in one place.
- Asset Analytics
  Empower your decision-making with trusted data.
TRY NOW
Why Lansweeper?
- Why Lansweeper?
- Why Lansweeper?
  Lansweeper helps you to minimize risks and optimize your IT by providing actionable insight into your entire technology estate.
- By Role
  Complete visibility for everyone.
  For System Administrators For IT Managers For C-suite For Cybersecurity Teams For IT Support For MSPs
- By Use Case
  Fuel any IT scenario.
  Discover & Inventory My IT Assets OT Asset Management Replace Inventory Spreadsheets Enhance Cybersecurity Improve CMDB Data Quality Achieve Service Desk Excellence
- By Industry
  Flexibility for your industry.
  Education Healthcare Manufacturing Public Sector
TRY NOW
Integrations
Partners
- Partners
- Partner Ecosystem
  Leverage the power of our data to accelerate growth.
- MSP
  Exceed customer expectations with data-driven managed services.
- ISV Technology Partners
  Integrate or embed our technology to build smarter solutions.
- Channel Partners
  Whether you service, distribute, consult, or resell – we have partner programs to help you grow.
- Find a partner
  Find a trusted Lansweeper certified partner.
TRY NOW
Pricing
Resources
- Resources
- Resources
  Browse resources tailored to your needs.
- Blog
  Discover the latest product news, pro tips, and more.
- Support Help Center
  Need help? Browse extensive resources.
- Success Stories
- Ebooks & White Papers
  Detailed documents you can download for free.
- Webinars & Events
  Register for live or virtual events.
- Report Library
  Browse our extensive audit report library.
- Community
  Start a conversation with your peers.
- Developer Portal
TRY NOW

TRY NOW

News

Dell PCs Exposed to Pre-Installed SupportAssist Security Exploit

2 min. read

02/05/2019

By Nils Macharis

Critical Remote Code Execution Vulnerability in Dell SupportAssist

[Update 25 June 2021] Get the report for the latest Dell SupportAssist BIOSconnect Flaw

Dell issued a security update to patch a SupportAssist Client software vulnerability which allows potential attackers to remotely execute arbitrary executables on vulnerable computers. Run our custom vulnerability report and get a list of all affected devices in no time.

Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical Remote Code Execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers.

Dell SupportAssist, formerly known as Dell System Detect, checks the health of your computer system’s hardware and software. The software has been designed to interact with the Dell Support website and automatically detect Service Tag or Express Service Code of your Dell products.

As explained by Dell in its advisory, “An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites.”

The remote code execution vulnerability, identified as CVE-2019-3719, affects Dell SupportAssist versions prior to version 3.2.0.90. Dell users are advised to either install the updated Dell SupportAssist 3.2.0.90 or later, or simply uninstall the application altogether.

Besides this issue, Dell has also patched an improper origin validation (CVE-2019-3718) vulnerability in the SupportAssist software that could have allowed an unauthenticated, remote attacker to attempt CSRF attacks on users’ systems.

Get A Report of all Vulnerable SupportAssist Installations

If you currently have Dell SupportAssist deployed on your workstations, it’s pretty critical that you update it at the earliest opportunity to ensure that you don’t fall prey to this exploit.

Our custom color-coded vulnerability report can tell you in no time which devices have a vulnerable Dell SupportAssist version in place and need to be patched.

Dell SupportAssist Vulnerabity CVE 2019 3719 — Sample Report: Dell SupportAssist Vulnerability

If you haven’t already, start your free Lansweeper trial and get a list of all vulnerable Dell SupportAssist versions in no time.

STAY UPDATED

Stay updated with Lansweeper by signing up for our newsletter.

"*" indicates required fields

Email*

Hidden

EmailType

Hidden

IM – Conv Page – Processing

Hidden

IM – UTM_Campaign FC – Processing

Hidden

IM – UTM_Campaign LC – Processing

Hidden

IM – UTM_Content FC – Processing

Hidden

IM – UTM_Content LC – Processing

Hidden

IM – UTM_Medium FC – Processing

Hidden

IM – UTM_Medium LC – Processing

Hidden

IM – UTM_Source FC – Processing

Hidden

IM – UTM_Source LC – Processing

Hidden

IM – UTM_Term FC – Processing

Hidden

IM – UTM_Term LC – Processing

Hidden

gclid

Hidden

msclkid

Comments

This field is for validation purposes and should be left unchanged.

NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.

TRY NOW TALK TO SALES