Dell he said on June 21 that a critical update was released version for Dell SupportAssist software – which is probably present on your Dell computer if you didn't immediately remove the pre-installed junk.
Specifically, in SupportAssist's PC-Doctor, there is a vulnerability in the way it checks (or does not check) the validity of certain DLLs on your computer.
If someone is able to pass a malicious DLL on your machine, to a specific location and to a specific file name, PC-Doctor runs it with system-wide privileges.
According to the company, Dell SupportAssist for Business PC in 2.0.1 and Dell SupportAssist for Home PC in 3.2.2 are the builds you need to install immediately to protect your computers.
The company has this specific troubleshooter with every new desktop - laptop and tablet.
The SafeBreach Labs security company was the first to discover the error, and it originally announced to Dell that SupportAssist can run SYSTEM-level DLLs.
This means that if a malicious application leaves its own .dll file somewhere on the disk, it only has to wait for it to "meet" with SupportAssist.
Of course, if you have a Dell computer and you have not updated your system, you should do so immediately.
“We can assume that all Dell computers running the OS system Windows without changes from the manufacturer are vulnerable,” says SafeBreach Labs.
But the most worrying thing is that the security company believes that not only Dell has software with this flaw.
The reason for this is that the vulnerability is in a third-party component of Dell's SupportAssist software, which is developed and maintained by PC Doctor, an application company supportand diagnosis:
PC Doctor sells its software to computer manufacturers that then integrate it into their products, such as SupportAssist in the case of Dell.
You may remember that the same software Dell SupportAssist had another security gap in May of 2019.
Of course from iGuRu.gr, we have mentioned many times that you do not need to continue to use such crapware, so an alternative to the update is to uninstall the application.
________________
- YTS new .LT Domain, visible in Greece without DNS change
- Facebook Libra: Three questions for Facebook
- Florida paid 600.000 ransom dollars to ransomware
