【】

If you own a Dell laptop or desktop then there's a very good chance your machine is vulnerable to attack simply by visiting a malicious website. The good news is, Dell has released a patch to close the security hole.
As ZDNet reports, 17-year-old security researcher Bill Demirkapi discovered a vulnerability (CVE-2019-3719) in the Dell SupportAssist utility which allows an attacker to remote execute code. This is achieved by getting a user to visit a specific website containing JavaScript code capable of tricking the SupportAssist app into downloading and running malicious files (with full admin rights). Importantly, no user interaction is required once the website has been visited and the JavaScript can be hidden inside an ad on a legitimate website.
Here's the remote code execution in action as recorded by Demirkapi:
Dell uses SupportAssist to pro-actively check the health of your hardware and software and then automatically updates each system as necessary. As you've probably guessed, it's a piece of software that gets pre-installed on most new Dell systems, meaning there's a lot of users out there potentially vulnerable to this attack.

Dell has known about the vulnerability since Oct. 26 last year and a patched version of SupportAssist (v3.2.0.90) is now available which closes the security hole. If you own a Dell which has SupportAssist installed, download and install the new version as soon as possible to protect your system.
Featured Video For You
Scientists successfully 3D-print heart from human cells
TopicsCybersecurityDell
相关文章
Major earthquake and multiple aftershocks rock central Italy
UPDATE: Aug. 25, 2016, 8:22 a.m. BST 。 Death toll is now at least 247 dead: 190 in Rieti province and2025-04-26- 曝金特羅將和河床簽約兩年 僅剩一些細節需處理_阿根廷_sar_Merlowww.ty42.com 日期:2022-01-19 08:01:00| 評論(已有326442條評論)2025-04-26
- 梅西早知未獲獎但仍想出席頒獎 私下裏已祝賀萊萬_波蘭_個人_羅所www.ty42.com 日期:2022-01-18 09:01:00| 評論(已有326235條評論)2025-04-26
- 曝亞冠冠軍求購前權健外援莫德斯特 科隆欲索要高價_利雅得_沙特_1www.ty42.com 日期:2022-01-19 10:01:00| 評論(已有326458條評論)2025-04-26
The U.S. will no longer have the final say on internet domain names
The National Telecommunications Information Admistration (NTIA) announced via。 blog post。on Tuesday2025-04-26- 周最佳 :本澤馬2場造3球攬MVP 庫鳥維拉首秀高光_比賽_主場_聯賽www.ty42.com 日期:2022-01-17 14:01:00| 評論(已有326098條評論)2025-04-26
最新评论