If you are using a Dell Windows PC, then you are already aware of the company’s SupportAssist app, which comes pre-installed on pretty much every Windows PC under the Dell brand. The app is meant to help users with a variety of things, ranging from downloading drivers to hardware checkups. Long story short, the SupportAssist app takes care of the health of your PC. But what if I told you that the app can put you in a predicament?
Dell’s SupportAssist app currently has two dangerous security flaws, namely remote code execution (RCE) and CVE-2019-3718. These flaws make it a lot easier for an attacker to trick a victim into downloading and executing arbitrary executables via the SupportAssist client from attacker-hosted sites.
A 17-year-old security researcher found the remote code execution (RCE) flaw in the SupportAssist app. According to the researcher, other than the two mentioned above, there is one more serious security flaw in the app. It makes sure that files aren’t downloaded over HTTP, meaning that whenever it senses an attempt to download files over an HTTP connection, it automatically replaces that with HTTPS. This would let users believe that they are doing nothing wrong by downloading those files.
“If we could provide the SupportAssist client with a http:// URL, we could easily intercept and change the response! This somewhat solves the hardest challenge,” explained Demirkapi.
The Good News
Dell is fully aware of these bugs in its SupportAssist app and is offering a fix. Dell confirmed that Dell SupportAssist Client versions prior to 18.104.22.168 are at risk and that upgrading the app to the latest version will keep users safe.