Dell is reporting a high-rated vulnerability in its SupportAssist for business and home PCs that could result in remote code execution.

The flaw affects business PC versions 2.0 through 2.1.3 and home PC versions 2.0
through 3.4. Each contains an uncontrolled search path vulnerability that can be
exploited by a locally authenticated low-privileged user to cause the
SupportAssist binaries to load arbitrary DLLs, resulting in the privileged
execution of arbitrary code.

Dell has issued patches fixing the vulnerability, and for those who do not have
automatic updates enabled the company recommends updating to Dell SupportAssist
for business PCs version 2.1.4 and Dell SupportAssist for home PCs version 3.4.1.
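
A fleet triage check built from the version ranges in this advisory, added here as an example (it is not Dell's tooling): it reads a software inventory export and lists the hosts that need the update, with the fixed version for each. The CSV columns, the host names and the treatment of intermediate builds (anything from 2.0 up to, but not including, the fixed version counts as affected) are assumptions.

```python
import csv
import io

# (first affected, first fixed) per edition, from the advisory text above.
BOUNDS = {"business": ("2.0", "2.1.4"), "home": ("2.0", "3.4.1")}

# Constructed sample inventory; column names and hosts are assumptions.
SAMPLE_INVENTORY = """host,edition,version
PC-001,business,2.1.3
PC-002,business,2.1.4
PC-003,home,3.4
PC-004,home,3.4.1
PC-005,home,1.9
PC-006,home,3.4.0.12
PC-007,business,n/a
"""

def parse_version(text, width=4):
    """Pad to a fixed width so '3.4' and '3.4.0.0' compare equal."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > width or any(p < 0 for p in parts):
        raise ValueError(f"unusable version: {text!r}")
    return tuple(parts + [0] * (width - len(parts)))

def classify(edition, version):
    """Return 'affected', 'fixed', 'not-listed' (below 2.0) or 'unknown'."""
    bounds = BOUNDS.get(edition.strip().lower())
    if bounds is None:
        return "unknown"
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"
    low, fixed = (parse_version(b) for b in bounds)
    if v < low:
        return "not-listed"
    # Assumption: builds between the last listed version and the fix are affected.
    return "affected" if v < fixed else "fixed"

def hosts_to_update(inventory_csv):
    """Map each affected host to the fixed version it should be updated to."""
    targets = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if classify(row["edition"], row["version"]) == "affected":
            targets[row["host"]] = BOUNDS[row["edition"].strip().lower()][1]
    return targets

if __name__ == "__main__":
    for host, target in hosts_to_update(SAMPLE_INVENTORY).items():
        print(f"{host}: update SupportAssist to {target}")
```

Rows with an unparseable version or an unrecognised edition come back as `unknown` from `classify` and are left out of the update list, so they should be reviewed by hand.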

McQuiggan, security awareness advocate at KnowBe4, noted that this vulnerability
brings to light the fact that it’s not just operating system or major
application patches that have to be kept current.

important for consumers and organizations to patch not only Windows operating
systems, but all software and firmware on the systems. Often times, we hear
about the Windows vulnerabilities, but there are times when systems are
exploited because of a software or firmware update that wasn’t patched,” he