Dell he said on June 21 that a critical update has been released for Dell SupportAssist software – which Dell probably has computer if you did not immediately remove the pre-installed rubbish.
Specifically, in SupportAssist's PC-Doctor, there is a vulnerability in the way it checks (or does not check) the validity of certain DLLs on your computer.
If someone manages to slip a malicious DLL onto your machine, in a specific location and with a specific name archiveuh, PC-Doctor runs it with system-level privileges.
According to the company Dell SupportAssist for Business PC app version 2.0.1 and Dell SupportAssist for Home PC app version 3.2.2 are the builds which you should install immediately to protect your computers.
The company has this specific troubleshooter with every new desktop - laptop and tablet.
The SafeBreach Labs security company was the first to discover the error, and it originally announced to Dell that SupportAssist can run SYSTEM-level DLLs.
This means that if a malicious application leaves its own .dll file somewhere on the disk, it only has to wait for it to "meet" with SupportAssist.
Of course, if you have a Dell computer and you have not updated your system, you should do so immediately.
“We can assume that all Dell computers running the functional Windows system without changes from the manufacturer are vulnerable,” says SafeBreach Labs.
But the most worrying thing is that the security company believes that not only Dell has software with this flaw.
The reason for this is that vulnerability is in a component of Dell's third-party SupportAssist software, developed and maintained by PC Doctor, a support and diagnostic application company:
PC Doctor sells its software to computer manufacturers that then integrate it into their products, such as SupportAssist in the case of Dell.
You may remember that the same software Dell SupportAssist had another security gap in May of 2019.
Βέβαια από το iGuRu.gr, έχουμε αναφέρει πολλές φορές ότι δεν χρειάζεται να συνεχίσετε να χρησιμοποιείτε τέτοιου είδους crapware, οπότε μια εναλλακτική λύσης της ενημέρωσης, είναι και η Uninstall of the application.
________________
- YTS new .LT Domain, visible in Greece without DNS change
- Facebook Libra: Three questions for Facebook
- Florida paid 600.000 ransom dollars to ransomware