From the Blog

Dell SupportAssist-ing Hackers

A recent vulnerability found in Dell’s SupportaAssist software found that if exploited correctly can lead to code execution for unprivileged users. This is known as an uncontrolled search path vulnerability (CVE-2020-5316).

exc-5e441034481e936b2aa9aa6d

A recent vulnerability found in Dell’s SupportaAssist software found that if exploited correctly can lead to code execution for unprivileged users. This is known as an uncontrolled search path vulnerability (CVE-2020-5316).

This vulnerability could cause a low privileged user to change the loading of arbitrary code through the SupportAssist binaries which results in privileged execution of the arbitrary code. This vulnerability was discovered by ‘CyberArk’ security researcher.

“A locally authenticated low privileged user could exploit this vulnerability to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.”

SupportAssist is a software designed by Dell for the purpose of alerting the company of any issues on a customers hardware or software.

It’s possible to patch Dell SupportAssist by updating it and keeping auto upgrade enabled to keep up to date of any patches that are due.

Share on facebook
Facebook
Share on google
Google+
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest
Scroll to Top

Covid-19 Update

We Remain Open

At this present time we have taken all the relevant measures to ensure our team are safe. Until further notice all our “onsite” engagements will either be postponed or performed remotely via VPN or one of our appliances.

Please bear with us if we need to reschedule some of your work. As a collective, we are also volunteering our time to support the elderly and assist essential services.

Thank you for your patience and understanding.

Peter
CEO & Founder