Your new Windows laptop typically ships with an awful lot of bloatware you don’t need. Often, it’ll just slow down your computer a tad. But occasionally, a pre-installed piece of manufacturer cruft can pose a serious security risk — and that’s why you should probably update or uninstall Dell’s SupportAssist right away.
The app, which Dell’s support page states is preinstalled on “most of all new Dell devices running Windows” and billed as “the industry’s first automated proactive and predictive support technology,” has apparently been vulnerable to a hack since at least last October, according to 17-year-old security researcher Bill Demirkapi. It’s not clear why it’s only getting patched just now.
It’s a potentially serious one: Dell’s SupportAssist has administrator-level access to Windows and is designed to automatically install updates to your computer, and Demirkapi found a way to hijack those update requests — theoretically letting a hacker install something nasty they could use to further breach your PC. You can read all about it, and see a proof of concept, in his blog post.
On the plus side, Demirkapi told ZDNet that it only works if the hacker is on the same local network as your PC, say the public Wi-Fi at your local Starbucks, workplace, or school. And fixing it should be as easy as uninstalling the app, or updating to SupportAssist v 220.127.116.11 or later. You can find the installer at Dell’s support page for the vulnerability.