Dell issues a security advisory regarding its SupportAssist software

Article


Check that the SupportAssist software on your Dell computer, like this XPS 13 2-in-1, is up to date to keep a secure computing environment

Dell Computers Exposed to RCE Attacks by SupportAssist Flaws | BleepingComputer

From the horse’s mouth

Dell

DSA-2019-051: Dell SupportAssist Client Multiple Vulnerabilities (Support Notice)

Official Resources

Dell software download site

https://downloads.dell.com/serviceability/Catalog/SupportAssistInstaller.exe (Official software installer)

My Comments

A version of Dell’s SupportAssist computer-maintenance software that is currently installed on most recent-issue Dell desktop and laptop computers, including some of the Dell laptops reviewed on this site, has been found to have a bug that is a security issue. This bug affects versions of this software prior to 3.2.0.90.

Here, the bug exposes the SupportAssist software to a vulnerability that allows malicious code to be executed remotely. At the moment, the attack appears to require the attacker to be on the same logical network as the target computer, which puts users at risk on public-access networks that aren’t properly configured for client isolation.

The vulnerability was discovered by a teenage software researcher called Bill Demirkapi, while other flaws regarding verification of software provenance were found in the prior versions of this software by another software researcher called John C. Hennessy-ReCar. Here, Dell practised responsible disclosure in reporting the SupportAssist software vulnerability and made sure there were newer properly-patched versions of this software.

A newer version (3.2.0.90) of this software has been released and made available to download from Dell’s servers. I have placed links to the installer package and Dell’s software download site above so you can make sure your computer is up to date. The software download site also has a “Detect PC” button that lets the site identify the Dell computer it is being used from, in case you find it difficult to identify the exact model yourself. You may also find that the existing SupportAssist software updates itself or suggests an update when it checks Dell’s servers for new software versions.

As well, copy the SupportAssist installer application referenced here to a USB memory key or portable hard disk because your system may keep the prior version of this application in its recovery partition and you would be running that version should you have to restore your computer from that partition.
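The following PowerShell is an added example, not code from Dell or from the advisory: it reports whether the installed SupportAssist is older than the fixed version 3.2.0.90 named above, which is worth re-running after a restore from the recovery partition, and it shows the Authenticode signature of a saved copy of the installer. It assumes the product registers a DisplayName containing "SupportAssist" in the standard Windows uninstall registry keys; the function names and the E:\ path are hypothetical.

```powershell
# Fixed version taken from the advisory text above.
$FixedVersion = [version]'3.2.0.90'

# Standard per-machine uninstall registry locations (64-bit and 32-bit views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-SupportAssistStatus {
    param([version]$Fixed = $FixedVersion)

    # Assumption: the DisplayName contains "SupportAssist".
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*SupportAssist*' }

    foreach ($e in $entries) {
        $parsed = $null
        # Compare as [version], not as text: as strings, '3.10.0.0' sorts below '3.2.0.90'.
        # A missing or non-numeric DisplayVersion is reported as Unknown, never as Patched.
        $ok = [version]::TryParse([string]$e.DisplayVersion, [ref]$parsed)
        if (-not $ok)                { $status = 'Unknown' }
        elseif ($parsed -lt $Fixed)  { $status = 'Vulnerable' }
        else                         { $status = 'Patched' }

        [pscustomobject]@{
            Name      = $e.DisplayName
            Installed = $e.DisplayVersion
            Status    = $status
        }
    }
}

function Test-InstallerSignature {
    param([Parameter(Mandatory)][string]$Path)

    # Status 'Valid' means the certificate chain verified and the file is unchanged since signing.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{ Path = $Path; Status = $sig.Status; Signer = $signer }
}

Get-SupportAssistStatus | Format-Table -AutoSize
# Check the copy kept on removable media before running it (E:\ is a placeholder path):
# Test-InstallerSignature -Path 'E:\SupportAssistInstaller.exe'
```

No output from Get-SupportAssistStatus means no matching entry was found in those registry keys, not that the machine is patched; for the installer, read the Signer subject as well as the Status, since a valid signature from an unexpected publisher is not a pass.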

A good practice that I would like to see regarding “recovery partitions” on today’s computers is to have a user-selectable option to “slipstream” or update these partitions with newer software versions. This can be of importance with major or minor revisions to the operating system or updated application, driver and support software.

It may be a good practice when you buy a prebuilt computer to visit its manufacturer’s support resources regularly to check for new software updates for hardware drivers or support software. You may also be alerted to any issues that you might come across with this system. As well, registering your system with the manufacturer may be of value when it comes to being alerted to software or hardware issues.
