Dell Computers Exposed to RCE Attacks by SupportAssist Flaws
Quote: Dell issued a security update to patch a SupportAssist Client software vulnerability which allows potential unauthenticated attackers on the same Network Access layer to remotely execute arbitrary executables on vulnerable computers.
 
According to Dell's website, the SupportAssist software is "preinstalled on most of all new Dell devices running Windows operating system" and it "proactively checks the health of your system’s hardware and software. When an issue is detected, the necessary system state information is sent to Dell for troubleshooting to begin."

As explained by Dell in its advisory, "An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites."
 
The software flaw is tracked as CVE-2019-3719 and comes with a high severity CVSSv3 base score of 8.0 assigned by the National Vulnerability Database (NVD).
 
Dell patched the SupportAssist software during late April 2019 following an initial report received from 17-year-old security researcher Bill Demirkapi on October 10, 2018.
 
Also, Dell advises all customers to update SupportAssist Client as soon as possible, seeing that all versions prior to 3.2.0.90 and later are vulnerable to remote code execution attacks.

SOURCE: https://www.bleepingcomputer.com/news/se...ist-flaws/