LISTSERV - VICUG-L Archives - LISTSERV.ICORS.ORG

VICUG-L Archives

Visually Impaired Computer Users' Group List

VICUG-L@LISTSERV.ICORS.ORG

	LISTSERV Archives
	VICUG-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	FW: [tek-talk] Critical security flaw for FYI
From:	Madison Martin <[log in to unmask]>
Reply To:	Madison Martin <[log in to unmask]>
Date:	Mon, 24 Jun 2019 15:57:45 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (110 lines)

-----Original Message-----
From: [log in to unmask] [mailto:[log in to unmask]]
On Behalf Of Robert Sollars
Sent: June-24-19 5:39 AM
To: [log in to unmask]; [log in to unmask];
[log in to unmask]
Cc: [log in to unmask]; [log in to unmask]
Subject: [tek-talk] Critical security flaw for FYI

The scoop on SupportAssist security

Researchers at security firm SafeBreach Labs found a startling flaw in a
program that comes pre-installed in the majority of Dell-branded computers,
as well as several third-party PCs under a different name. The program is
known as SupportAssist, which is a built-in technical support tool tailored
for Dell users, but it's also called PC-Doctor Toolbox when bundled with
other devices.

Dell has stated that the flaw is a PC-Doctor vulnerability, and is present
in SupportAssist due to its components shipping with the software suite.

According to SafeBreach Labs, the flaw arose from a lack of authentication
when the system pulls library files from the folders it interacts with.

Since the program doesn't verify whether these libraries are legitimate or
not, a skilled hacker could place a corrupted file into a folder that
SupportAssist or PC-Doctor would accidentally scan and activate. Once
opened, the entire system could be compromised, exposing private user data
to hackers and cybercriminals.

Am I affected by this security flaw?

Thankfully, Dell took quick action to address the security hole and released
a patch on May 28th of this year that completely addressed the issue.
According to Dell, more than 90% of its customers have already installed the
patch, meaning that the remaining 10% are most at risk of exploitation.

The widespread adoption of this patch is the result of automatic updates,
which Dell often enables by default. If you don't have this enabled in your
system (or don't know if you do), the best course of action would be to
manually download and install the patch. Even if it's already on your
system, installing the patch again manually won't cause any harm to your
computer.

To get the patch, simply click or tap to visit the SupportAssist download
page
<https://www.dell.com/support/contents/us/en/04/article/product-support/self
-support-knowledgebase/software-and-downloads/supportassist> . Installing
the update will put the latest version of the program on your computer --
with the vulnerability removed.

As for non-Dell computers, it's unknown if there are patches currently
available at the moment. We'll be updating the story if and when they become
available.

As dangerous as the internet can be for your computer's health, staying on
top of the latest patches and updates is the best way to keep your system
free of bugs and security holes. Just make sure that you're staying away
from dangerous places
<https://www.komando.com/tips/564922/9-tips-for-safe-online-and-mobile-banki
ng>  where hackers are likely to lurk, and you'll substantially reduce your
risk.

_._,_._,_
________________________________

Groups.io Links:

You receive all messages sent to this group. 

View/Reply Online (#3641)
<https://groups.io/g/tek-talk-discussion/message/3641>  | Reply To Group
<mailto:[log in to unmask]:%20%5Btek-talk%5D%20Critica
l%20security%20flaw%20for%20FYI>  | Reply To Sender
<mailto:[log in to unmask]:%20Re:%20%5Btek-talk%5D%20C
ritical%20security%20flaw%20for%20FYI>  | Mute This Topic
<https://groups.io/mt/32190518/1607068>  | New Topic
<https://groups.io/g/tek-talk-discussion/post> 

________________________________

Accessible World Team
http://accessibleworld.org

Below you will find links to view the current message, view the current
thread, change your list subscription, unsubscribe from this list, view the
group home and contact the list owner.

To unsubscribe send email to: [log in to unmask]

To subscribe send email to: [log in to unmask]
________________________________

Your Subscription <https://groups.io/g/tek-talk-discussion/editsub/1607068>
| Contact Group Owner <mailto:[log in to unmask]>  |
Unsubscribe
<https://groups.io/g/tek-talk-discussion/leave/3919406/1489240125/xyzzy>
[[log in to unmask]]

_._,_._,_

    VICUG-L is the Visually Impaired Computer User Group List.
Archived on the World Wide Web at
    http://listserv.icors.org/archives/vicug-l.html
    Signoff: [log in to unmask]
    Subscribe: [log in to unmask]

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG