#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

Dell SupportAssist | Breaking Cybersecurity News | The Hacker News

Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers

Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers

Jun 21, 2019
Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information. Discovered by security researchers at SafeBreach Labs , the vulnerability, identified as CVE-2019-12280, is a privilege-escalation issue and affects Dell's SupportAssist application for business PCs (version 2.0) and home PCs (version 3.2.1 and all prior versions). Dell SupportAssist, formerly known as Dell System Detect, checks the health of your system's hardware and software, alerting customers to take appropriate action to resolve them. To do so, it runs on your computer with SYSTEM-level permissions. With this high-level privileges, the utility interacts with the Dell Support website and automatically detects Service Tag or Express Service Code of your Dell product, scans the existing device d
Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking

Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking

May 02, 2019
If you use a Dell computer, then beware — hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers . Dell SupportAssist , formerly known as Dell System Detect , checks the health of your computer system's hardware and software. The utility has been designed to interact with the Dell Support website and automatically detect Service Tag or Express Service Code of your Dell product, scan the existing device drivers and install missing or available driver updates, as well as perform hardware diagnostic tests. If you are wondering how it works, Dell SupportAssist in the background runs a web server locally on the user system, either on port 8884, 8883, 8886, or port 8885, and accepts various commands as URL parameters to perform some-predefined tasks on the computer, like collecting
cyber security

external linkeBook: 3 Steps to Implement Zero Trust Access

websitewww.cyolo.ioZero Trust Security
Streamline your zero-trust access journey with three simple steps for high-risk, remote, and hybrid users.
Cybersecurity Resources