Round Rock-Based Dell Reports Computer Vulnerability

ROUND ROCK, TX — Computing giant Dell released a security advisory on Thursday urging its customers to patch a software vulnerability that potentially could have enabled hackers to access sensitive information on “several million” computers running Microsoft Windows.

The website cyberscoop was first to report on the advisory, categorizing it as an unnamed issue in Dell’s SupportAssist application. The issue potentially could have allowed hackers to take over customer's computers and read the stored physical memory, according to SafeBreach Labs, a California network security company. Dell released its security patch to fix this issue on May 28, according to the report.

Despite the recent dual advisories, Dell waited three weeks to go public with the advisory to allow time for PC Doctor — the third-party supplier behind the component responsible for the vulnerability — to release its own advisory, cyberscoop reported.

“The vulnerability provides the ability to be loaded and executed by a signed service,” SafeBreach researcher Peleg Hadar wrote. “This ability might be abused by an attacker for different purposes such as execution and evasion, for example: application whitelisting bypass [and] signature validation bypassing.”

In plain English: A hacker could get the computer to run code that it might otherwise reject, cyberscoop reported.

Cyberscoop noted the latest disclosure comes after Dell in April patched a security flaw for a SupportAssist vulnerability that could have left users vulnerable to a computer hijack if the two machines shared a local internet connection, ZDNet reported at the time.

>>> Read the full story at cyberscoop