Dell's SupportAssist software, a Windows toolkit designed in part to protect your computer from security vulnerabilities, has another vulnerability that makes running older versions of the software a risk to your system. As noted by Gizmodo this morning, this new vulnerability was discovered by SafeBreach security researchers and disclosed Monday in a public blog post. Dell has now published an update that fixes it, which you should download now.
A serious problem is that this vulnerability does not only affect Dell computers with SupportAssist, as was the case with an entirely distinct SupportAssist vulnerability from two months ago. This time, it can affect other notebook makers who, like Dell, use rebranded versions of the same Windows package, which includes a component called PC-Doctor Toolbox. Other companies known to use this same component in software packages include the Corsair game brand, the Staples office supply chain and the Tobii remote reporting company.
Because Dell's SupportAssist has administrator-level access on your Windows-based computer and can automatically install updates, a third party might exploit this vulnerability to install malicious code hidden in dynamic-link library (DLL) files. "According to the Dell website, SupportAssist is preinstalled on most Dell devices running Windows, which means that, as long as the software is not fixed, the vulnerability affects millions of Dell computer users," says Peleg Hadar, researcher at SafeBreach.
He says that there are two main ways a hacker can exploit this. The first is that it could allow "attackers to load and execute malicious payloads with the help of a signed service". The second is that the attacker could bypass driver signature enforcement to gain read/write permissions. Both would give a third party considerable control over your machine in the worst case.
Although these cases are rare, it is not comforting to know that the bloatware preloaded on your Windows computer continues to face serious problems of this type.