The attack relies on luring users on a malicious web page, where JavaScript code can trick the Dell SupportAssist tool into downloading and running files from an attacker-controlled location.Dell issued an update for SupportAssist on April 23.
Because the Dell SupportAssist tool runs as admin, attackers will have full access to targeted systems, if they manage to get themselves in the proper position to execute this attack.
Dell PCs vulnerable to remote takeover due to SupportAssist vulnerability
Posted on Friday, May 03 2019 @ 10:30 CEST by Thomas De Maesschalck