Every Dell endpoint running Microsoft Windows has a nasty remote-code execution vulnerability. The security hole is in the SupportAssist module.
Amazingly, Dell figured it would be great to allow a web page to take full control of a PC—admin privileges and all. Bypassing the tool’s minimal checks turns out to be trivial.
To top it off, it took Dell six months to fix this vulnerability. In today’s SB Blogwatch, we rush to install the patch.
Read more: securityboulevard.com/2019/05/dell-hell-gets-hotter-via-bad-bug-in-every-pc-laptop