Tens of millions of biz Dell PCs smacked by privilege-escalation bug in bundled troubleshooting tool
2020-02-11 15:01

Dell has copped to a flaw in SupportAssist - a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS - that allows local hackers to load malicious files with admin privileges.

SupportAssist scans the system's hardware and software, and when an issue is detected, it sends the necessary system state information to Dell for troubleshooting to begin.

The flaw, which has a severity rating of "High", affects Dell SupportAssist for business PCs version 2.1.3 or earlier and for home PCs version 3.4 or earlier.

Dell shipped 46.5 million PCs last year, according to industry analyst IDC. We have contacted Dell EMC for comment.

Dell has been in touch with The Reg to say: "As you're aware, Dell has released fixes for an uncontrolled search path vulnerability within Dell SupportAssist Client. Customers can review Dell's Security Advisory for affected products, versions and additional information. We'd like to thank Eran Shimony for reporting the vulnerability and working with us to disclose the remediation."


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/11/dell_supportassist_flaw/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Dell 1678 29 437 430 109 1005