Friday, January 22, 14:45
Home inet Dell: Update your computers directly

Dell: Update your computers directly

Dell released a security update to fix a vulnerability of its support software (SupportAssist Client). SupportAssist allows users from the same Network Access layer that have not been identified to remotely run malware executable on vulnerable computers.

Dell

According to the company's website, SupportAssist software is "pre-installed on most of Dell's new devices running the Windows operating system" and "actively monitors the health of both the hardware and the system software." When it finds a problem, it sends it to Dell to start troubleshooting. ”

Most new Dell computers are exposed to Remote Code Execution (RCE) attacks.

The defect of the software has been reported as CVE-2019-3719 (CVSSv3) that reaches 8.0 from the National Vulnerability Database (or NVD)).

Dell updated SupportAssist software at the end of April of 2019 after an initial report received from a 17 security researcher (Bill Demirkapi) on 10 October 2018.

Dell advises all its clients to update the SupportAssist Client as soon as possible by indicating that all versions prior to 3.2.0.90 are vulnerable to remote code execution attacks.

Dell reportedly also repaired an improper origin validation flaw in the SupportAssist Client software reported by John C. Hennessy-ReCar, which has been reported as CVE-2019-3718 with a high-grade 3.0 rating (CVSS v8,8).

Security researcher Bill Demirkapi has discovered that RCE vulnerability can be exploited by attackers using ARP and DNS violations such as describes in detail on proof-of-concept which he published.

Watch the video demo on YouTube that shows its PoC

_________________

LEAVE ANSWER

Please enter your comment!
Please enter your name here

SecNews
SecNewshttps://www.secnews.gr
In a world without fences and walls, who needs Gates and Windows

LIVE NEWS

Netflix: Watch the 9 best Anime movies of all time

One of the good things about the pandemic was that many people were introduced to the anime world. And the issue with anime is ...

CHwapi: Windows BitLocker "hit" the Belgian hospital!

The CHwapi hospital in Belgium was attacked by a cyber attack on January 17, with hackers claiming to have encrypted 40 servers and 100 ...

CPU / GPU Lotteries: Newegg sells the few on the market

Hardware shortages are not uncommon, but the pandemic has worsened the situation. The whole planet is closed to ...

United Kingdom: Malware infects laptops delivered to students

In the context of e-learning implemented in many countries since the outbreak of the COVID-19 pandemic, governments are distributing the necessary equipment ...

iOS 14.4: Anti-tracking feature released to developers

Apple yesterday released to developers "Release Candidates" for iOS 14.4 and the corresponding iPad. It is probably the last step ...

Sophos: "Iranian company behind MrbMiner crypto-mining botnet"!

Cybersecurity company Sophos says it has uncovered links between MrbMiner crypto-mining botnet operators and a small Iranian development company ...

A minor sued Twitter for not removing child pornography material

According to court documents, Twitter received a lawsuit as it allegedly refused to remove child pornography content from its site ....

Microsoft Edge will notify you if your password is compromised

A new built-in password generator and a possibility to monitor the credentials that have leaked to Windows and macOS systems, is released by ...

Teespring: Hacker leaked data of millions of its users!

A hacker leaked data on millions of registered Teespring users on January 17 - an online portal that allows users to create and ...

QNAP: New Dovecat crypto-miner infects NAS devices

QNAP has warned its customers about a new malware (crypto-miner) called Dovecat, which targets NAS (network-attached storage) devices ...