
Your new Windows laptop typically ships with an awful lot of bloatware you don’t need. Often, it’ll just slow down your computer a tad.

But occasionally, a pre-installed piece of manufacturer cruft can pose a serious security risk - and that’s why you should probably update or uninstall Dell’s SupportAssist right away. The app, which Dell’s support page states is preinstalled on “most of all new Dell devices running Windows” and billed as “the industry’s first automated proactive and predictive support technology,” has apparently been vulnerable to a hack since at least last October, according to 17-year-old security researcher Bill Demirkapi.

It’s not clear why it’s only getting patched just now.

It’s a potentially nasty one: Dell’s SupportAssist has administrator-level access to Windows and is designed to automatically install updates to your computer, and Demirkapi found a way to hijack those update requests - theoretically letting a hacker install something nasty they could use to further breach your PC. You can read all about it, and see a proof of concept, in his blog post. On the plus side, Demirkapi told ZDNet that it only works if the hacker is on the same local network as your PC, say the public Wi-Fi at your local Starbucks, workplace, or school. And fixing should be as easy as uninstalling the app, or updating to SupportAssist v3.2.0.90 or later.
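To see whether a given PC still has a SupportAssist build older than the fixed 3.2.0.90 release, you can compare the installed version from PowerShell. This is an added example, not code from Dell or from Demirkapi's post; it assumes the app registers a display name containing "SupportAssist" under the standard Windows uninstall registry keys.

```powershell
# Added example: flag Dell SupportAssist installs older than the fixed version.
# Assumption: the product's DisplayName contains "SupportAssist" in the standard
# Windows uninstall keys; adjust the filter if your image names it differently.
$FixedVersion = [version]'3.2.0.90'   # fixed version named in the article

# Check both the native and the 32-bit (WOW6432Node) uninstall hives.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SupportAssist*' }

if (-not $found) {
    Write-Output 'SupportAssist not found in the uninstall registry keys.'
    return
}

foreach ($app in $found) {
    $parsed = $null
    # DisplayVersion is free-form text; anything unparseable needs a manual look.
    if (-not [version]::TryParse([string]$app.DisplayVersion, [ref]$parsed)) {
        $status = 'UNKNOWN (check manually)'
    } elseif ($parsed -lt $FixedVersion) {
        $status = 'OLDER THAN FIX (update or uninstall)'
    } else {
        $status = 'OK'
    }
    # Emit one object per install so the result can be piped or exported.
    [pscustomobject]@{
        Name    = $app.DisplayName
        Version = $app.DisplayVersion
        Status  = $status
    }
}
```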
