If you are using the latest Dell laptops or the PCs, just be careful of using the Dell SupportAssist Utility. This pre-installed utility reportedly exposes your machines to a remote attack wherein the hackers can execute remote code in the PC and take over your computer systems. However, the company has already released a patch for this bug but many of the Dell machines are still vulnerable to the remote code execution and hijack.
Dell SupportAssist Tool vulnerability fixed
Through the SupportAssist utility, the attackers trick the user to download and run the files from a malicious webpage. This gives the attacker complete access to the computer systems. The tool has the admin level access to Windows and can automatically install all the available updates to your computer.
The vulnerability was first noticed and reported by a 17 years old security researcher, Bill Demirkapi. Demirkapi says,
“The attacker needs to be on the victim’s network in order to perform an ARP Spoofing Attack and a DNS Spoofing Attack on the victim’s machine in order to achieve remote code execution”.
Now, if you think that it’s not that easy, you are wrong. The attackers can easily use the public WiFi networks where numerous PCs are connected, or they can use the large enterprise networks too to compromise the machine and launch their remote code. Also, hackers can compromise a local WiFi router and alter DNS traffic directly.
Demirkapi has explained the attack clearly in his blog and also has created a video to show how easily the attackers use Dell SupportAssist to get access to your machine.
Dell has taken the report very seriously and has already released a patch and released the SupportAssist v3.2.0.90 for all the Dell users. The users are advised to download the latest version of the tool.
Head over to Demirkapi’s blog to know more about this vulnerability.
Leave a Reply