Security News > 2020 > February > Dell fixes privilege elevation bug in support software

Users of Dell SupportAssist should patch their software immediately to fix a software bug that could lead to arbitrary code execution, the PC vendor said this week.

SupportAssist is a Dell software product that comes preinstalled on most of its Windows-based endpoints.

It performs diagnostic tasks and streamlines the creation of support tickets for Dell machines by sending back the appropriate data to Dell operatives.

By forcing the SupportAssist software to run a DLL, an attacker could have it run with the Dell application's privileges, effectively mounting a privilege elevation attack.

The vulnerability affects versions of SupportAssist dating back to 2.0, but Dell has fixed the problem in the latest versions of its software.

News URL

https://nakedsecurity.sophos.com/2020/02/13/dell-fixes-privilege-elevation-bug-in-support-software/