The SupportAssist software by Dell, a Windows toolkit developed partially to defend your PC from security flaws, has yet another vulnerability of its own that makes operating older editions of the software a danger to your device. As claimed by media, this new flaw was found by SafeBreach security researchers and revealed this week in a public blog post. Dell has now launched an update to fix it that you must install immediately.
A grave concern here is that this flaw does not just impact Dell devices with SupportAssist, as was the case with a completely different SupportAssist flaw from two months back. This time, it can impact other laptop makers that are also, such as Dell, employing rebranded editions of the same Windows bundle, which comprises an element dubbed as PC-Doctor Toolbox. Other firms recognized to make employment of this same element in software bundles comprise office supplies chain Staples, gaming brand Corsair, and eye-tracking firm Tobii.
Since Dell’s SupportAssist has admin-degree authorization to your Windows device and can install updates automatically, a 3rd party can use this flaw to download malicious code concealing inside what are dubbed as DLL files, or dynamic link library files. “As per Dell’s site, on most of Dell machines operating on Windows, SupportAssist is preinstalled. This indicates that as long as the software is not fixed, the flaw impacts millions of Dell PC consumers,” claims Peleg Hadar, SafeBreach researcher.
On a related note, earlier at CES, Dell upgraded the XPS 13 with an enhanced webcam that finally placed it back on top where it was supposed to, and at Computex 2019, it declared that it might be bringing that same enhancements to its XPS 13 and XPS 15 2-in-1 devices—together with a full renovation for the XPS 13 2-in-1, as per media reports.