Though buying a pre-built machine from a system manufacturer is generally more convenient than putting a PC together yourself, there are a few drawbacks to going that route.
The “bloatware” that typically comes with said machines is just one example of that. While bloatware will usually be rapidly removed by tech-savvy individuals, those with a weaker grasp on software typically just let it stick around.
Unfortunately, Dell customers who fall into the latter category might be at risk now. According to security research company SafeBreach Labs, a “high-severity” flaw has been discovered in Dell’s SupportAssist software, which is a pre-installed system health checker. The software is supposed to scan your machine for software or hardware problems and forward the information to Dell if any are found.
…a “high-severity” flaw has been discovered in Dell’s SupportAssist software, which is a pre-installed system health checker.
According to SafeBreach, SupportAssist requires “high” permission levels to operate, meaning any vulnerabilities that do happen to slip through the cracks could be all the more dangerous. This potential for harm is what caused the software to appear on the security firm’s radar in the first place.
So, what does the flaw in question consist of? Apparently, SupportAssist’s permission requirements don’t mesh well with the basic way the software functions: its DLL files are loaded from an unprotected folder. This means that shady individuals could swap SupportAssist’s real DLLs with malicious ones, wreaking havoc on a victim’s machine using elevated permissions. As a proof-of-concept, SafeBreach describes how to do precisely that in their full flaw disclosure.
Fortunately, the organization’s efforts weren’t futile. Dell has already issued patches for this vulnerability, which are now included in official SupportAssist downloads. If you don’t want to go through the hassle of downloading a new update manually, the software’s automatic update capabilities should cover you soon enough.