Quote:Dell has patched a high-severity flaw in its SupportAssist software that could allow an attacker to execute arbitrary code with administrator privileges on affected computers.
 
The flaw, an uncontrolled search path vulnerability that is being tracked as CVE-2020-5316, could allow a locally authenticated user with low privileges to “cause the loading of arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of arbitrary code,” Dell wrote in its explanation of the bug.
 
The latest bug—discovered by CyberArk security researcher Eran Shimony, who notified Dell–affects both business and home users of Dell systems. The vulnerability exists in Dell SupportAssist for business PCs version 2.1.3 or older and home PCs version 3.4 or older, according to Dell.

“All versions of SupportAssist automatically upgrade to the latest version available if automatic upgrades are enabled. Customers can check which version they are running and upgrade to a newer version of SupportAssist if available,” Dell said. Customers can check the version of their software via the program itself and can also follow the steps to manually upgrade their software.