Critical Remote Code Execution Vulnerability in Dell SupportAssist
Dell has issued a security update for a vulnerability in its SupportAssist Client software that lets an attacker on the same network get arbitrary executables downloaded and run on vulnerable computers. Run our custom vulnerability report and get a list of all affected devices in no time.
Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical Remote Code Execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers.
Dell SupportAssist, formerly known as Dell System Detect, checks the health of your computer's hardware and software. The software is designed to interact with the Dell Support website and automatically detect the Service Tag or Express Service Code of your Dell products.
As explained by Dell in its advisory, "An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites."
The remote code execution vulnerability, tracked as CVE-2019-3719, affects Dell SupportAssist Client versions prior to 3.2.0.90. Dell users are advised to either install the updated Dell SupportAssist 3.2.0.90 or later, or simply uninstall the application altogether.
Besides this issue, Dell has also patched an improper origin validation (CVE-2019-3718) vulnerability in the SupportAssist software that could have allowed an unauthenticated, remote attacker to attempt CSRF attacks on users' systems.
Get A Report of all Vulnerable SupportAssist Installations
If you currently have Dell SupportAssist deployed on your workstations, update it at the earliest opportunity: as Dell's advisory notes, an attacker only needs to share the network access layer with the victim (a shared office LAN or public Wi-Fi is enough) and needs no credentials to exploit it.
Our custom color-coded vulnerability report can tell you in no time which devices have a vulnerable Dell SupportAssist version in place and need to be patched.
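If you want to spot-check individual machines yourself, the following PowerShell function is an added example written for this post; it is not Lansweeper's report logic or Dell's code. It reads the Windows uninstall registry keys, picks out Dell SupportAssist entries and compares the installed version against the fixed build. The fixed version 3.2.0.90 is taken from Dell's advisory for CVE-2019-3719 and is passed in as a parameter so you can adjust it if Dell revises the advisory; the host list file name in the trailing comment is a placeholder.

```powershell
# Added example (not Lansweeper's or Dell's code): flag Dell SupportAssist
# installs older than the fixed build from Dell's advisory for CVE-2019-3719.
function Get-SupportAssistStatus {
    [CmdletBinding()]
    param(
        # Assumed fixed version, per Dell's advisory; re-check before relying on it.
        [version]$FixedVersion = '3.2.0.90'
    )

    # Both native and WOW6432Node uninstall hives, so 32-bit installs on
    # 64-bit Windows are not missed.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    $installs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Dell SupportAssist*' }

    if (-not $installs) {
        return [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            DisplayName  = $null
            Version      = $null
            Vulnerable   = $false
            Note         = 'SupportAssist not installed'
        }
    }

    foreach ($app in $installs) {
        # Compare as [version], never as a string: '3.10.0.1' sorts before
        # '3.2.0.90' lexically but is the newer build.
        $installed = $null
        $parsed = [version]::TryParse($app.DisplayVersion, [ref]$installed)

        if ($parsed) {
            $vulnerable = $installed -lt $FixedVersion
            $note = ''
        } else {
            $vulnerable = $null
            $note = 'Unparseable DisplayVersion; inspect manually'
        }

        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            DisplayName  = $app.DisplayName
            Version      = $app.DisplayVersion
            Vulnerable   = $vulnerable
            Note         = $note
        }
    }
}

# Run locally...
Get-SupportAssistStatus | Format-Table -AutoSize

# ...or fan out over a list of Dell hosts (placeholder file name) with WinRM:
# Invoke-Command -ComputerName (Get-Content .\dell-hosts.txt) `
#     -ScriptBlock ${function:Get-SupportAssistStatus} |
#     Where-Object { $_.Vulnerable -ne $false } |
#     Format-Table ComputerName, DisplayName, Version, Note
```

Treat a `$null` in the Vulnerable column as "unknown", not "safe": an entry whose version string does not parse still needs a manual look, which is why the fan-out filter keeps everything except an explicit `$false`.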
If you haven't already, start your free Lansweeper trial and get a list of all vulnerable Dell SupportAssist versions in no time.