Skip to main content

Another vulnerability found in Dell’s security bloatware, users must update ASAP

Dell Latitude 7400 2-in-1 review
Mark Coppock/Digital Trends

It’s been a rough week for security issues at Dell. A serious security vulnerability in the company’s SupportAssist software was disclosed by cybersecurity firm SafeBreach, and revealed to effect not only Dell machines but also other OEMs which used the rebranded software on their computers. Dell swiftly released a patch for the vulnerability, which they reminded users about in a security advisory on Thursday. Most users have already been upgraded to the latest version of the software, but if you have a Dell machine you should check that you have the update straight away.

The SupportAssist software is designed to protect machines from malware, but this isn’t the first time the software itself has been revealed to have a vulnerability. Back in April, security research Bill Demirkapi found a vulnerability which allowed Remote Code Execution through the security software. The feature was supposed to allow drivers to be updated through Dell’s website, but it exposed users to security threats which could have allowed attackers to find sensitive information and to execute their own code on people’s machines.

This first vulnerability was patched quickly as well, but it is not clear how many people could have been affected. The problem is that SupportAssist uses administrative rights by default, so if the software is compromised it can be used to gain access to much of an affected PC. The latest attack has the same issue, allowing attackers administrative privileges.

As SafeBreach describes, the SupportAssist program was targeted precisely because it has access to many key hardware systems. “In our initial exploration, we targeted the ‘Dell Hardware Support’ service based on the assumption such a critical service would have high permission level access to the PC hardware as well as the capability to induce privilege escalation,” the company explained in its blog post.

SupportAssist comes pre-installed on many Dell laptops, making it typical bloatware which most users simply ignore when they get a new machine. And other OEMs use the same software under the name PC-Doctor Toolbox as well. When a security vulnerability is discovered, users might not think they need to update software they never use, but merely having it on a machine can make it vulnerable.

Dell users should make sure they have automatic updating turned on and update their systems immediately, or download and install the latest version of SupportAssist from Dell’s website.

Georgina Torbet
Georgina is the Digital Trends space writer, covering human space exploration, planetary science, and cosmology. She…
How to delete your Gmail account (and what you need to know)
The top corner of Gmail on a laptop screen.

Is it time to part ways with your Gmail account? Whether you’re moving onto greener email pastures, or you want to start fresh with a new Gmail address, deleting your old Gmail account is something anyone can do. Of course, we’re not just going to bid you farewell without a guide all our own. If you need to delete your Gmail account, we hope these step-by-step instructions will make the process even easier.

Read more
How to change margins in Google Docs
Laptop Working from Home

You may find that Google Docs has a UI that is almost too clean. It can be difficult to find basic things you're used to, such as margin settings. Don't worry, though, you can change margins in Google Docs just like with any other word processor through a couple of different means.

Read more
How to change your Yahoo password on desktop and mobile
A Yahoo mail inbox.

One of the best ways to keep your many email inboxes safe and secure is by frequently changing your password. While this may sound inconsequential, periodic login updates end up being one of the biggest deterrents against hackers and other malcontents. If Yahoo is your email platform of choice, we’ve put together this guide to teach you how to update your account password in just a few simple steps.

Read more