Dell SupportAssist attention vulnerability software (2)!

Dell he said on June 21 that a critical update was released for the Dell SupportAssist – which Dell probably has if you did not immediately remove the pre-installed rubbish.

Specifically, in SupportAssist's PC-Doctor, there is a vulnerability in the way it checks (or does not check) the validity of certain DLLs on your computer.

If someone is able to pass a malicious DLL on your machine, to a specific location and to a specific file name, PC-Doctor runs it with system-wide privileges.

Dell SupportAssist

According to the company, Dell SupportAssist for Business PC in 2.0.1 and Dell SupportAssist for Home PC in 3.2.2 are the builds you need to install immediately to protect your computers.

The company has this specific troubleshooter with every new desktop - laptop and tablet. 

The company SafeBreach Labs was the first to discover the bug, and initially reported to Dell that SupportAssist could run DLLs at the SYSTEM level.

This means that if a malicious application leaves its own .dll file somewhere on the disk, it only has to wait for it to "meet" with SupportAssist.

Of course, if you have a Dell computer and you have not updated your system, you should do so immediately.

“We can assume that all Dell computers running the Windows system without changes from the manufacturer are vulnerable,” says SafeBreach Labs.

But the most worrying thing is that the security company believes that not only Dell has software with this flaw.

The reason for this is that the vulnerability is in a third-party component of it Dell SupportAssist, which is developed and maintained by PC Doctor, a support and diagnostics application company:

PC Doctor sells its software to computer manufacturers that then integrate it into their products, such as SupportAssist in the case of Dell.

You may remember that the same software Dell SupportAssist had another security gap in May of 2019.

Of course, from iGuRu.gr, we have repeatedly mentioned that you do not have to continue using such crapware, so an alternative to updating is the uninstall of the application.

________________

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

buildsbusinesscrapwaredellSupportAssist

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).