Millions of Dell PCs vulnerable to attack, due to a flaw in bundled system-health software

Graham CLULEY

June 21, 2019

Millions of Dell PCs and laptops running Windows are vulnerable to attack via a high-severity security hole that could be exploited by malicious hackers to hijack control of devices.

In a support advisory published on its website, Dell reveals that the problem lies within a third-party component of SupportAssist, troubleshooting software bundled with the company's home user and business PCs. The PC manufacturer describes the software as “the industry's first automated proactive and predictive support technology.”

In its promotional material, Dell claims SupportAssist “proactively checks the health of your system's hardware and software. When an issue is detected, the necessary system state information is sent to Dell for troubleshooting to begin. Dell will contact you to start the resolution conversation, preventing issues from becoming costly problems.”

However, security researcher Peleg Hadar discovered that the PC Doctor component of SupportAssist contains a DLL hijacking vulnerability, which can be exploited during an attack to gain system-level privileges.

Through this mechanism a hacker could easily gain control of a targeted computer.

As the SupportAssist software is pre-installed on millions of Dell PCs and laptops, there’s plenty of incentive for online criminals to try to take advantage of the flaw.

But there's worse news. Dell doesn't actually make the software containing the vulnerability. It's written by Nevada-based diagnostic software specialist PC Doctor, which also licenses its technology to other PC manufacturers to bundle, rebranded, with their own PCs and laptops.

According to Hadar, other affected products include:

  • PC-Doctor Toolbox for Windows
  • CORSAIR ONE Diagnostics
  • CORSAIR Diagnostics
  • Staples EasyTech Diagnostics
  • Tobii I-Series Diagnostic Tool
  • Tobii Dynavox Diagnostic Tool

So, the scale of the problem is likely to reach further than just Dell customers. PC Doctor claims on its website that “leading computer makers have pre-installed over 100 million copies of PC-Doctor for Windows on computer systems worldwide.”

Hadar reported the vulnerability on 29 April to Dell, which confirmed the problem and forwarded details to PC Doctor on 21 May. A patch was issued by Dell on 28 May, which should mean that any Dell computers configured to receive automatic updates are already patched.

Dell users concerned that their computers may be vulnerable should check what versions of SupportAssist they have installed on their PCs and laptops. Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2 are said not to be vulnerable to the security hole.

However, if your Dell computer does not have automatic updates turned on, or if you have a different brand of computer that is running the vulnerable code, then you really should take action now and apply updates.
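The version check described above can be scripted. The following PowerShell is an added example, not code from Dell, PC Doctor or the original article; it assumes SupportAssist registers an uninstall entry whose DisplayName contains "SupportAssist" and that the Business edition's DisplayName contains "Business". The function name `Test-SupportAssistEntry` is hypothetical.

```powershell
# Added example: compare installed SupportAssist versions with the fixed
# versions named in the article (Business PCs 2.0.1, Home PCs 3.2.2).
# Assumptions: the product's DisplayName contains "SupportAssist", and the
# Business edition's DisplayName contains "Business".
$FixedVersions = @{
    Business = [version]'2.0.1'
    Home     = [version]'3.2.2'
}

# Standard per-machine uninstall keys (64-bit and 32-bit registry views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-SupportAssistEntry {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $DisplayVersion
    )
    $edition = if ($DisplayName -match 'Business') { 'Business' } else { 'Home' }
    $parsed  = $null
    # DisplayVersion is free-form text; flag it rather than guess if it does not parse.
    $status = if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        'Unknown version format, check manually'
    } elseif ($parsed -ge $FixedVersions[$edition]) {
        'At or above fixed version'
    } else {
        'Below fixed version, update'
    }
    [pscustomobject]@{
        Name    = $DisplayName
        Edition = $edition
        Version = $DisplayVersion
        Fixed   = $FixedVersions[$edition]
        Status  = $status
    }
}

$found = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SupportAssist*' -and $_.DisplayVersion }

if (-not $found) {
    'No SupportAssist entry found in the per-machine uninstall keys.'
} else {
    $found | ForEach-Object {
        Test-SupportAssistEntry -DisplayName $_.DisplayName -DisplayVersion $_.DisplayVersion
    } | Format-Table -AutoSize
}
```

Other installed components whose names contain "SupportAssist" may also match the filter; the Status column is meaningful only for the main application the article's version numbers refer to.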
