원격 납치에 취약한 Dell 랩톱 및 컴퓨터

ment 5/4 '19 posted 뉴스 IT

• SupportAssist가 설치된 Dell을 소유하고 있는 경우 가능한 한 빨리 새 버전을 다운로드하여 설치하여 시스템을 보호하십시오.

• Dell 웹 사이트에 따르면 SupportAssist 소프트웨어는 "Windows 운영 체제를 실행하는 모든 새 Dell 장치에 사전 설치되어 있으며"시스템의 하드웨어 및 소프트웨어의 상태를 사전에 검사합니다.

• 보안 연구자 Bill Demirkapi은 RCE 페이로드를 피해자의 Dell 컴퓨터에 전달하는 데 사용할 수있는 단계적인 개념 증명 단계에서 설명한 바와 같이, RCE 취약점이 ARP 및 DNS 스푸핑 공격을 사용하는 공격자에 의해 악용 될 가능성이 있다는 것을 발견했습니다.

• Dell의 노트북이나 데스크탑을 소유하고있는 경우 악의적인 Web 사이트에 액세스하기 만하면 컴퓨터가 공격에 취약해질 가능성이 매우 높습니다.

Dell laptops and desktops vulnerable to remote attack DisclosureEvery product here is…

Dell laptops and desktops vulnerable to remote attack [mashable.com]

Dell issued a security update to patch a SupportAssist Client software vulnerability which allows…

Dell Computers Exposed to RCE Attacks by SupportAssist Flaws [www.bleepingcomputer.com]

…

Dell laptops and computers vulnerable to remote hijacks [www.zdnet.com]

Your new Windows laptop typically ships with an awful lot of bloatware you don’t need. Often,…

PSA: If you’ve got a Dell PC, you might want to patch this SupportAssist vulnerability now [www.theverge.com]

…

Dell laptops confirmed to be affected by serious SupportAssist security flaw [www.notebookcheck.net]

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park,…

Dell Security Support Tool Harbors High-Severity Flaws [threatpost.com]

Your Dell laptop could be exposed to a devastating remote attack that…

Dell Laptops Vulnerable to Critical Attack: What to Do Now [www.laptopmag.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

5/4 '19 answered

Dell laptops and computers vulnerable to remote hijacks thanks to vulnerability in driver auto-update utility (aka bloatware app)https://t.co/bZYDQDjHu6 pic.twitter.com/ycTW22t7Qv
— Catalin Cimpanu (@campuscodi) May 1, 2019

The “Dell Support Assist” issue enforce my good old feeling: When you buy a new laptop, re-install your own OS flavour… (https://t.co/d8rZ4NJwft) #GetRidOfCrapware
— Xavier Mertens? (@xme) May 2, 2019

Dell Computers Exposed to RCE Attacks by SupportAssist Flaws https://t.co/5vO4zaAqua
— piyokango (@piyokango) May 2, 2019

Dell PCs & laptops are vulnerable to a remote attack leveraging a vulnerability in an older version of Dell SupportAssist utility. Since the utility runs as Admin, so does the exploit payload.https://t.co/5UfxHU2tdr
— CodeLobe (@CodeLober) May 3, 2019

Dell laptops and computers vulnerable to remote hijacks thanks to vulnerability in driver auto-update utility (aka bloatware app)https://t.co/bZYDQDjHu6 pic.twitter.com/ycTW22t7Qv
— Catalin Cimpanu (@campuscodi) May 1, 2019

A security update has been issued by Dell to patch a critical SupportAssist software #vulnerability that exposed personal computers to remote attacks: https://t.co/gNUj6b3vHl @campuscodi @ZDNet
— Veracode (@Veracode) May 3, 2019

Dell laptops and computers vulnerable to remote hijacks https://t.co/zya98ltfdX
— UgCERT (@UgCERT) May 3, 2019

Dell laptops and computers vulnerable to remote hijacks https://t.co/2tI7E5AetG
— Sam Bowne (@sambowne) May 2, 2019

PSA: If you’ve got a Dell computer, you might want to fix this now https://t.co/tra6QlRkai pic.twitter.com/y9KKEYGZi3
— The Verge (@verge) May 3, 2019

PSA: If you’ve got a Dell computer, you might want to fix this now https://t.co/7z0jsHxiq0 < Dell SupportAssist is open to hijacking for auto-install of malware pic.twitter.com/ksQmByvJRF
— Aaron Parker (@stealthpuppy) May 3, 2019

Why are we against internet voting? Because news stories like this come out all the time which continue to prove that current #technology still does not have enough #security to make #evoting trustworthy. #cdnpoli #onpoli #onmuni #infosec #abpoli #edem https://t.co/yh8BbPXL6x
— Counting The Vote (@count_the_vote) May 3, 2019

permanent link

Open Wiki - Feel free to edit it. -

5/4 '19 answered

Dell's security support tool has several 'high-severity' flaws. https://t.co/0ge16pWh8T
— Kaspersky Lab (@kaspersky) May 4, 2019

Dell has patched two high-severity #vulnerabilities in its #software meant to support hardware issues for customers. #cybersecurity #infosec https://t.co/D1zlfjejKr
— Ronald van der Meer (@ronaldvdmeer) May 3, 2019

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.

Related

Featured