Many computers come pre-installed with software or applications that can make your life easier. I have warned you before about some of these types of ‘bloatware’ and why you might want to be wary of it. The idea behind Dells’ SupportAssist app was to warn you about vulnerabilities proactively. In this case, the software application put the security of your computer at risk as it was in itself security vulnerability. Turns out, that If two computers were on the same network, like on public wi-fi or your router was compromised, your computer would allow remotely execute arbitrary executables without any user interaction. If you have a Dell computer with SupportAssist on it, stop what you are doing, and install their patch to fix this vulnerability, now.

Dell advises all customers to update SupportAssist Client as soon as possible, seeing that all versions older than 3.2.0.90 and later are vulnerable to remote code execution attacks.

Related Links

• https://nvd.nist.gov/vuln/detail/CVE-2019-3718
• https://nvd.nist.gov/vuln/detail/CVE-2019-3719
• https://www.bleepingcomputer.com/news/security/dell-computers-exposed-to-rce-attacks-by-supportassist-flaws/
• https://www.theinquirer.net/inquirer/news/3075000/dell-supportassist-rce-flaw
• https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/
• https://www.zdnet.com/article/dell-laptops-and-computers-vulnerable-to-remote-hijacks/

You can find the patch here

• https://www.dell.com/support/home/us/en/04/product-support/product/dell-supportassist-pcs-tablets/drivers