Source: National Cyber Security – Produced By Gregory Evans
Dell is reporting a high-rated vulnerability in its SupportAssist for business and home PCs that could result in remote code execution.
CVE-2020-5316 affects business PC versions 2.0 through 2.1.3 and home PC versions 2.0 through 3.4. Each contains an uncontrolled search path vulnerability that can be exploited by a locally authenticated low-privileged user to cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code.
Dell has issued patches fixing the vulnerability. For those who do not have automatic updates enabled, the company recommends updating to Dell SupportAssist for business PCs version 2.1.4 and Dell SupportAssist for home PCs version 3.4.1.
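To check a fleet against the versions quoted above, the following added example (not Dell's tooling and not part of the original article) classifies inventory rows by edition and version. The edition labels, host names and inventory layout are assumptions, and it assumes any build from 2.0 up to, but not including, the fixed release counts as affected.

```python
import re

# Version boundaries as quoted in the article for CVE-2020-5316.
FIRST_AFFECTED = {"business": "2.0", "home": "2.0"}
FIRST_FIXED = {"business": "2.1.4", "home": "3.4.1"}

def parse_version(text, width=4):
    """Turn '3.4' or '2.1.3.0' into a zero-padded tuple so 3.4 == 3.4.0.0."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def classify(edition, version_text):
    """Return 'affected', 'patched', 'not-listed' or 'review' for one install."""
    edition = edition.strip().lower()
    if edition not in FIRST_FIXED:
        return "review"              # edition label we do not recognise
    try:
        version = parse_version(version_text)
    except ValueError:
        return "review"              # blank or malformed version string
    if version >= parse_version(FIRST_FIXED[edition]):
        return "patched"
    if version >= parse_version(FIRST_AFFECTED[edition]):
        return "affected"            # assumption: includes interim builds
    return "not-listed"              # older than 2.0: the article is silent

def triage(inventory):
    """Return (host, edition, version, target) for installs needing an update."""
    return [(host, ed, ver, FIRST_FIXED[ed.strip().lower()])
            for host, ed, ver in inventory if classify(ed, ver) == "affected"]

# Constructed sample inventory: (host, edition, installed version).
INVENTORY = [
    ("ws-001", "business", "2.1.3"),
    ("ws-002", "business", "2.1.4"),
    ("lt-101", "home", "3.4"),
    ("lt-102", "home", "3.4.1.5"),
    ("lt-103", "home", "3.4.0.12"),
    ("lt-104", "home", "1.3"),
    ("lt-105", "home", "n/a"),
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print("update %s: %s %s -> %s" % row)
```

Rows classified as `review` or `not-listed` are left out of the update list on purpose and should be checked by hand.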
James McQuiggan, security awareness advocate at KnowBe4, noted that this vulnerability brings to light the fact that it’s not just operating system or major application patches that have to be kept current.
“It’s important for consumers and organizations to patch not only Windows operating systems, but all software and firmware on the systems. Often times, we hear about the Windows vulnerabilities, but there are times when systems are exploited because of a software or firmware update that wasn’t patched,” he said.
The post #cybersecurity | hacker | Dell patches SupportAssist vulnerability | SC Media appeared first on National Cyber Security.