CVE-2023-44283: 
Dell SupportAssist for PCs vulnerability analysis and mitigation

A critical security vulnerability (CVE-2023-44283) was identified in Dell SupportAssist software, affecting both Home PCs (versions 3.0 to 3.14.1) and Business PCs (versions 3.0 to 3.4.1). The vulnerability was disclosed on February 14, 2024, and impacts locally authenticated users on their respective Windows systems (Dell Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, and low privileges to exploit, but does not require user interaction. The impact on confidentiality, integrity, and availability is rated as high (Dell Advisory).

If exploited, this vulnerability enables privilege escalation and the execution of arbitrary code within the Windows system context. The scope is confined to the specific local PC where the vulnerable software is installed (Dell Advisory).

Dell has released security updates to address this vulnerability. Users of SupportAssist for Home PCs should upgrade to version 3.14.2 or later, while Business PC users should upgrade to version 3.5.0 or later. Dell recommends that all users keep their SupportAssist software updated to the latest version (Dell Advisory).