Dell PC SupportAssist Vulnerability June 21, 2019

A severe vulnerability (CVE-2019-12280) has been detected in Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist for Home PCs version 3.2.1 and earlier.  The vulnerability allow a remote attacker to load an arbitrary unsigned DLL into a service that runs as SYSTEM, achieving privilege escalation and persistence.

We recommending upgrading to Dell SupportAssist for Business PCs version 2.0.1 immediately

Please see this article posted on the Confidential Communications site for more information: https://cc.cybersecurity.ubc.ca/dell-pc-supporta…st-vulnerability/

If you have any questions, please contact security@ubc.ca