CVE-2022-34387: 
Dell SupportAssist for PCs vulnerability analysis and mitigation

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability identified as CVE-2022-34387. The vulnerability was disclosed on February 11, 2023, affecting Dell's support software that comes pre-installed on Dell systems (AttackerKB, Dell Advisory).

The vulnerability has a CVSS base score of 6.4 with the vector string CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, high complexity to exploit, and high privileges, but requires no user interaction. The successful exploitation could result in high impacts to confidentiality, integrity, and availability of the system (Dell Advisory).

A successful exploitation of this vulnerability could allow a local authenticated malicious user to elevate privileges and gain total control of the affected system (Dell Advisory).

Dell has released updated versions to address this vulnerability. Users of Dell SupportAssist for Home PCs should upgrade to version 3.12.3, while Dell SupportAssist for Business PCs users should upgrade to version 3.3.0. The update can be obtained either through manual steps by launching SupportAssist UI and checking for updates, or through automatic updates if enabled in the settings (Dell Advisory).