The company issued a DL Dell giant in the field of computing on Thursday advice the Security urges consumers to update devices, laptops, computers desktop to correct a security flaw the company says about it: it would have enabled hackers access to sensitive information.
And there is this vulnerability, named (CVE-2019-12280), in application (SupportAssist) of Del computers commercial (version 2.0) and home computers (version 3.2.1 and earlier).
It recommends that the Del its users to update the program to version 2.0.1 for computers, business, and 3.2.2 for home computers.
According to security firm Cyber SafeBreach Labs, which discovered the vulnerability and reported it, the problem in (SupportAssist), formerly known as the (Dell System Detect), resulting from increased privileges, may be allowed the attackers to seize the computer and read the actual memory is stored.
Given that the troubleshooting program works the privileges system-level, researchers have shown that it is possible to download the library code is unsafe (the library link dynamic (DLL) for short) of the areas spoken by the user and via the environment variable (PATH).
Related topics what you read now:
The company said SafeBreach Labs: to download a file (DLL) at startup through the programs, such as (SupportAssist), the attackers can exploit it by damaging the file (DLL) to the existing or the replaced files (DLL) harmful, which check the code in the software used for files (DLL).
And this vulnerability a hacker to control the target system easily, and did not profess SafeBreach whether hackers have exploited the flaw, but the gap constituted a tempting target because Del installation program (SupportAssist) in earlier on millions of computers, portable and desktop devices.
Wrote security researcher, Billig Hadar Peleg Hadar: this means that as long as no correction of the DL program, the problem of exploitation affect millions of users of computers of the company.
The program (SupportAssist) as a repair tool monitors system and proactively resolve hardware and software, and alert the customer to take appropriate action to resolve them.
The researchers believe that DL is not the only company affected by computers this security problem, as they don’t make DL program myself, but it’s made by Company PC-Doctor specialized in the diagnosis and support for customers, besides providing products of custom troubleshooting to other companies.
According to the company PC-Doctor Web Site, the companies manufacturing computers leading has been proved in the earlier more than 100 million copies of PC-Doctor for Windows on computer systems worldwide.
This means that the vulnerability also affects other manufacturers computers of the Treaty on the software company PC-Doctor troubleshooting.
Recall that this is not the first in which a program (SupportAssist), which proceeded DL in April to patch a security hole separate in the tool that will know computers and Del to attack from a distance, which allows hackers to download malware and install them from a remote server on the computers del-affected and control.