Security News > 2020 > February > Dell fixes privilege elevation bug in support software

Dell fixes privilege elevation bug in support software
2020-02-13 13:43

Users of Dell SupportAssist should patch their software immediately to fix a software bug that could lead to arbitrary code execution, the PC vendor said this week.

SupportAssist is a Dell software product that comes preinstalled on most of its Windows-based endpoints.

It performs diagnostic tasks and streamlines the creation of support tickets for Dell machines by sending back the appropriate data to Dell operatives.

By forcing the SupportAssist software to run a DLL, an attacker could have it run with the Dell application's privileges, effectively mounting a privilege elevation attack.

The vulnerability affects versions of SupportAssist dating back to 2.0, but Dell has fixed the problem in the latest versions of its software.


News URL

https://nakedsecurity.sophos.com/2020/02/13/dell-fixes-privilege-elevation-bug-in-support-software/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Dell 1678 29 437 430 109 1005