Dell is reporting a high-rated vulnerability in its SupportAssist for business and home PCs that could result in remote code execution.
affects business PC versions 2.0 through 2.1.3 and home PC versions 2.0 through
3.4. Each contains an uncontrolled search path vulnerability that can be exploited
by a locally authenticated low-privileged user to cause the loading of
arbitrary DLLs by the SupportAssist binaries, resulting in the privileged
execution of arbitrary code.
fixing the vulnerability and for those who do not have automatic updates
enabled, the company is recommending they update to Dell SupportAssist for
business PCs version 2.1.4 or Dell SupportAssist for home PCs version 3.4.1.
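
The affected and fixed version ranges above can be turned into a quick inventory triage. This is an added example, not code from Dell or the original article. The CSV layout (columns `host`, `edition`, `version`) and the sample rows are constructed. It assumes any build at or above 2.0 and below the fixed release is affected, and it reports versions older than 2.0 as not listed.

```python
import csv
import io

# Ranges stated in the article: (first affected, first fixed) per edition.
AFFECTED = {"business": ("2.0", "2.1.4"), "home": ("2.0", "3.4.1")}

def parse_version(text, width=4):
    """Turn '3.4' into (3, 4, 0, 0) so short and long forms compare equal."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (width - len(nums))

def classify(edition, version_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown' for one install."""
    bounds = AFFECTED.get(edition.strip().lower())
    if bounds is None:
        return "unknown"  # edition the article does not mention
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"  # needs a manual look, never silently "fixed"
    first_affected, first_fixed = map(parse_version, bounds)
    if version >= first_fixed:
        return "fixed"
    if version >= first_affected:
        return "affected"
    return "not-listed"  # older than 2.0: the article says nothing about it

def triage(inventory_csv):
    """Map hostname -> status for rows with columns host,edition,version."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["edition"], r["version"]) for r in reader}

# Constructed sample inventory (hostnames and builds are made up).
SAMPLE = """host,edition,version
lab-01,business,2.1.3
lab-02,business,2.1.4
lab-03,home,3.4
lab-04,home,3.4.1.0
lab-05,home,1.9
lab-06,home,n/a
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```
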
McQuiggan, security awareness advocate at KnowBe4, noted that this vulnerability
brings to light the fact that it’s not just operating system or major
application patches that have to be kept current.
important for consumers and organizations to patch not only Windows operating
systems, but all software and firmware on the systems. Oftentimes, we hear
about the Windows vulnerabilities, but there are times when systems are
exploited because of a software or firmware update that wasn’t patched,” he