Dell’s Security Issue in SupportAssist Software. Do you have a Dell PC? If so, be aware that recently, security researchers at Eclypsium have discovered a major security flaw in the company’s SupportAssist software that comes pre-installed on most Dell machines running Windows on the market today.
The flaw rating is a hefty 8.3 severity (out of a possible 10) and enables remote attackers to impersonate Dell’s website and take total control of the target machine, using the boot process to break OS-level security protocols.
The researchers who discovered the flaw had this to say about the matter:
“The issue affects 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs, with roughly 30 million individual devices exposed to attacks.”
Dell’s SupportAssist Software security issue is a serious issue for all Dell users; however, Dell responds quickly, and there’s already a fix for the issue. Unfortunately, you’ll have to update your BIOS to get the fix, and due to the nature of the flaw, the researchers who discovered it recommend against using Dell’s BIOSConnect to get the latest.
Unfortunately, this is not the first time Dell customers have faced issues like this security issue. Back in May of 2019, Dell patched another high severity flaw with their SupportAssist software that allowed an attacker to remotely execute code and take full control of a target machine. The software patch in February of 2020 to address a different security flaw that allowed for remote code execution.
If the past is any guide then, there are likely to be additional flaws in the code. So if you’re a Dell customer, to be safe, you’ll probably want to bookmark the company’s site and check in regularly to make sure you’re not missing a critical update that could leave you vulnerable.