Dell’s Latest Support Tools Have Big Security Flaws

May 14, 2019 | News


Remote Code Execution (RCE) issues in Dell’s client support tool, SupportAssist Client, mean that this pre-installed software could pose a long-term security threat for IT estate leadership. Dell has issued a security advisory for the latest RCE flaw (CVE-2019-3719).

According to ThreatPost:

“The bug, which was discovered by John C. Hennessy-ReCar, could be exploited by an unauthenticated remote attacker who could launch CSRF attacks on users of the impacted systems. CSRF allows an attacker to send malicious commands from one site to another using the credentials of a user that the destination site trusts. Further details on the flaw were not made available.

The computer-maker has had its fair share of security concerns, including last November, when the company warned its Dell.com customers of unauthorized activity on its network. Adversaries attempted to access names, email addresses and hashed passwords — which prompted a reset of all Dell.com customer passwords.”

Dell has published a guidance note, available here, that outlines the affected products, the remedial steps required to fix this security issue and the download links for fixes. If you are worried about patch updates, why not develop your own organisational patch update plan? Computerworld provides a live blog, updated every month with the latest Windows updates, available here.
