For people owning a Dell system, getting a software update would be a perfect thing to do now. According to a report originally published in Gizmodo, researchers at SafeBreach Labs recently disclosed a high-severity flaw in Dell's SupportAssist utility. This could allow attackers to inject malicious code in business computers or home PC, eventually gaining control of the system, through privilege escalation.
What is scarier is that the concern is not restricted to Dell machines alone. This time, it can affect other laptop manufacturers that, much like Dell, are using rebranded versions of the same Windows package, which includes the PC-Doctor Toolbox.
According to the SafeBreach Labs report, the malicious payload targets SupportAssist, software that is pre-installed on most Dell PCs designed to check the health of the system's hardware.
The vulnerability allows attackers to replace harmless DLL files with ones having a malicious payload. Dell confirmed the bug a month later and a fix was rolled out late last month.
However, the best way to prevent DLL hijacking is to quickly apply patches from the vendor. To fix this bug, one can allow for the automatic updates to do its job, or download the latest version of Dell SupportAssist for Business PCs or Home PCs.
Comments
0 comment