According to 17 years, old security researcher Bill Demirkap from the US has found Remote code execution vulnerability found in Dell SupportAssist utility. An attacker can execute a remote attack and execute code with admin privilege on the machine.

Dell has released a patch for the bug on 23rd April. Many users have already installed updated tool with used for debugging, diagnostics and Dell drivers auto-updates.

A large number of users are affected by this attack. Dell SupportAssist is pre-installed on Windows Operating System.

According to Bill Demirkap, RCE attack relies on call users on evil web pages and malicious javascript runs on Dell supportAssistant, download victims computer, and an attacker can access remotely. Dell SupportAssistant has already run admin privilege and get full access to computer or laptop.

Dell took the researcher’s report seriously and has worked for the past months to patch CVE-2019-3719, a task that concluded last week with the release of SupportAssist v3.2.0.90, which Dell users are now advised to install.

Proof of concept

Proof of concept to reproduce an attack is available on GitHub, and Demirkapi also published a demo video showing how easily an attack can lead to a full device compromise. Demirkapi’s vulnerability report, for additional technical details, is available on the young researcher’s blog.

LEAVE A REPLY

Please enter your comment!
Please enter your name here