Vulnerability in Dell SupportAssist software enabled remote code execution

Dell’s SupportAssist software contained a vulnerability that left most of the company’s recent computers exposed. The vulnerability allowed code execution on the system. Dell has since fixed it with a patch.

The vulnerability was present in all versions of SupportAssist prior to 3.2.0.90. The software is installed by default on most new Dell devices running Windows. The manufacturer recommends that customers update the tool as soon as possible.

SupportAssist is a diagnostic tool that collects system information to help customers get better support. A 17-year-old security researcher found a way to carry out a DNS spoofing attack through the tool and achieve remote code execution on the victim’s system.

The researcher published a proof of concept on his website after Dell released a patch. He also published a short video showing how he carried out the attack.
