Dell released a security update to fix a vulnerability of its support software (SupportAssist Client). SupportAssist allows users from the same Network Access layer that have not been identified to remotely run malware executable on vulnerable computers.
According to the company's website, SupportAssist software is "pre-installed on most of Dell's new devices running the Windows operating system" and "actively monitors the health of both the hardware and the system software." When it finds a problem, it sends it to Dell to start troubleshooting. ”
Most new Dell computers are exposed to Remote Code Execution (RCE) attacks.
The defect of the software has been reported as CVE-2019-3719 (CVSSv3) that reaches 8.0 from the National Vulnerability Database (or NVD)).
Dell updated SupportAssist software at the end of April of 2019 after an initial report received from a 17 security researcher (Bill Demirkapi) on 10 October 2018.
Dell advises all its clients to update the SupportAssist Client as soon as possible by indicating that all versions prior to 220.127.116.11 are vulnerable to remote code execution attacks.
Dell reportedly also repaired an improper origin validation flaw in the SupportAssist Client software reported by John C. Hennessy-ReCar, which has been reported as CVE-2019-3718 with a high-grade 3.0 rating (CVSS v8,8).
Watch the video demo on YouTube that shows its PoC