Unsolved
1 Rookie
•
1 Message
0
185
August 26th, 2024 20:28
DSA-2024-312: Security Update for Dell SupportAssist
DSA-2024-312: Security Update for Dell SupportAssist for Home PCs Installer file Local Privilege Escalation Vulnerability refers to the following website for the latest Dell SupportAssist update (version 4.3.1):
However this link offers an old vulnerable version of SupportAssist (v4.0.3). Where can I get the remediated version (4.3.1)?
No Events found!
lmacri
3 Apprentice
•
1.6K Posts
0
August 27th, 2024 03:48
Hi Geo_Mack
The DSA-2024-312 security advisory <here> states "Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerability in the installer... This vulnerability only affects first-time installation done with SupportAssist Installer exe v4.0.3". When I use the download link in that security advisory it takes me to a download page that offers the patched SupportAssistInstaller.exe v4.3.1.11711 installer.
I don't use SupportAssist on my Inspiron 5584 so I can't tell you what version of SupportAssist v4.x this installer currently installs, but if I understand correctly it was the SupportAssistInstaller.exe installer that was the file of concern affected by the CVE-2024-38305 Local Privilege Escalation vulnerability, not the actual executable for the SupportAssist program.
---------------
Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.4780 * Firefox v129.0.2 * Microsoft Defender v4.18.24070.5-1.1.24070.3 * Malwarebytes Premium v5.1.8.123-1.0.5007 * Macrium Reflect Free v8.0.7783 * Dell Update for Windows Universal v5.4.0 * MyDell v2.2.6.0 * Fusion Service v2.2.14.0