Dell laptop and computer owners beware! Your machine is vulnerable to an attack that can be executed remotely to hijack your system — just by making you visit a malicious website.
As reported by ZDNet, a 17-year-old security researcher, Bill Demirkapi, discovered a vulnerability in the Dell SupportAssist utility that allows attackers to execute malicious code remotely.
The vulnerability (CVE-2019-3719) allows hackers to execute code with admin privileges on devices that use an older version of the Dell SupportAssist tool, and take over the victim’s system.
For the uninitiated, Dell’s SupportAssist tool proactively checks the state of your hardware and software and automatically updates the system as and when required. The software comes pre-installed on almost all new Dell devices. So there’s a huge number of users out there who are potentially vulnerable to this attack.
But the good news is that Dell has released a patched version of SupportAssist (v220.127.116.11) to close the security hole. If you own a Dell laptop or PC which has SupportAssist installed on it, you should download and install the new version right away to protect your system.
The proof of concept for this attack is available on GitHub, and those who want to see it in action can check out this demo video by Demirkapi: