Using Dell laptop? Fix this remote attack vulnerability right now


May 04, 2019
12:55 pm

What's the story

If you own a recently launched Dell-made Windows laptop, there's a good chance that your system is vulnerable to a remote hijack. A 17-year-old security researcher has found that a program pre-installed on these laptops contains a vulnerability that can be exploited remotely to breach your security. Here's more about the bug and the way to fix it.

Issue

Dell's SupportAssist has had a bug since October

The researcher, Bill Demirkapi, analyzed Dell's 'SupportAssist' program and found the bug in it. The tool comes with administrator-level Windows access and automatically updates drivers, adjusts settings, and cleans used files. However, Demirkapi found that a malicious third party can hijack the updates pushed by the program and use them to install malware on a targeted computer.

Scale

Issue affecting Dell laptops at least since October

It's not exactly clear how many PCs are affected by the issue, but Demirkapi says he unearthed it after replacing his MacBook Pro with a Dell G3 laptop in October. He has released a detailed write-up explaining the issue and its possible exploit but noted that the attack can be carried out only when the victim visits a malicious website set up by an attacker.

Information

Also, both parties have to be on the same network

Additionally, in order for the attack to work, both parties, the attacker and the victim, have to be on the same network. Now, this could be any public Wi-Fi network, be it at your nearest Starbucks or the one in your school/college.

Fix

How can you fix this issue?

If you have a new Dell laptop with SupportAssist, there are two ways to close this loophole: update or uninstall. Dell released a fix for the issue earlier this year, which means updating the tool to version 3.2.0.90 or newer should close the vulnerability. Alternatively, you can remove the tool from your PC altogether to be on the safer side.
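To check which of the two states a machine is in, the following PowerShell sketch compares the installed SupportAssist version against 3.2.0.90. It is an added example, not code from Dell or the researcher, and it assumes the tool registers a `DisplayName` containing "SupportAssist" under the standard Windows uninstall registry keys; the function name is hypothetical.

```powershell
# Added example: flag Dell SupportAssist installs older than the fixed build.
# Assumption: the product's DisplayName contains "SupportAssist" in the
# standard uninstall registry keys (64-bit and 32-bit views).
$FixedVersion = [version]'3.2.0.90'   # minimum fixed version named in the article

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper: returns one object per matching install.
function Get-SupportAssistStatus {
    param([version]$MinimumVersion = $FixedVersion)

    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*SupportAssist*' }

    foreach ($entry in $entries) {
        $parsed = $null
        # A missing or malformed DisplayVersion is reported as Unknown, not as safe.
        $ok = [version]::TryParse([string]$entry.DisplayVersion, [ref]$parsed)

        if (-not $ok) {
            $status = 'Unknown'
        } elseif ($parsed -lt $MinimumVersion) {
            $status = 'Vulnerable'   # older than 3.2.0.90: update or uninstall
        } else {
            $status = 'Patched'
        }

        [pscustomobject]@{
            Name    = $entry.DisplayName
            Version = $entry.DisplayVersion
            Status  = $status
        }
    }
}

$results = @(Get-SupportAssistStatus)
if ($results.Count -eq 0) {
    'SupportAssist not found in the uninstall registry keys.'
} else {
    $results | Format-Table -AutoSize
}
```

Versions are compared as `[version]` objects rather than strings, so a build such as 3.10.0.0 is correctly treated as newer than 3.2.0.90.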

Information

No comment from Dell yet

So far, Dell has neither commented on the matter nor said whether the bug has been exploited by anybody. Hopefully, more details will be revealed by the company.

Previous case

Similar kind of vulnerability compromised ASUS laptops

The issue affecting Dell notebooks comes just a month after a similar kind of bug was used to compromise several ASUS laptops. Security research company Kaspersky Lab had revealed that the Taiwanese giant's live software updater was compromised to spread malware on several PCs. The issue affected hundreds of computers but has now been fixed by the company.