Millions of Dell PCs vulnerable to attack, due to a flaw in bundled system-health software
Millions of Dell PCs and laptops running Windows are vulnerable to attack via a high-severity security hole that could be exploited by malicious hackers to hijack control of devices.
In a support advisory published on its website, Dell reveals that the problem lies within a third-party component of SupportAssist, troubleshooting software bundled with the company's home user and business PCs. Software which the PC manufacturer describes as “the industry's first automated proactive and predictive support technology.”
In its promotional material, Dell claims SupportAssist “proactively checks the health of your system's hardware and software. When an issue is detected, the necessary system state information is sent to Dell for troubleshooting to begin. Dell will contact you to start the resolution conversation, preventing issues from becoming costly problems.”
However, security researcher Peleg Hadar discovered that the PC Doctor component of SupportAssist contains a DLL hijacking vulnerability, which can be exploited during an attack to gain system-level privileges.
Through this mechanism a hacker could easily gain control of a targeted computer.
As the SupportAssist software is pre-installed on millions of Dell PCs and laptops, there’s plenty of incentive for online criminals to try to take advantage of the flaw.
But there's worse news. Dell doesn't actually make the software containing the vulnerability. It's written by Nevada-based diagnostic software specialist PC Doctor who also license their technology to other PC manufacturers to bundle it – rebranded – with their own PCs and laptops.
According to Hadar, other affected products include:
- PC-Doctor Toolbox for Windows
- CORSAIR ONE Diagnostics
- CORSAIR Diagnostics
- Staples EasyTech Diagnostics
- Tobii I-Series Diagnostic Tool
- Tobii Dynavox Diagnostic Tool
So, the scale of the problem is likely to reach further than just Dell customers. PC Doctor claims on its website that “leading computer makers have pre-installed over 100 million copies of PC-Doctor for Windows on computer systems worldwide.”
Hadar reported the vulnerability to Dell on 29 April, who confirmed the problem and forwarded details to PC Doctor on 21 May. A patch was issued by Dell on 28 May, and should mean that any Dell computers which are configured to receive automatic updates are already patched.
Dell users concerned that their computers may be vulnerable should check what versions of SupportAssist they have installed on their PCs and laptops. Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2 are said not to be vulnerable to the security hole.
However, if your Dell computer does not have automatic updates turned on, or if you have a different brand of computer that is running the vulnerable code, then you really should take action now and apply updates.
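One way to run the version check described above on a Windows machine, as an added example that is not from Dell, PC Doctor or the original article. It assumes SupportAssist registers a DisplayName containing "SupportAssist" (and "Business" for the business edition) in the standard uninstall registry keys; the two version thresholds are the ones quoted above.

```powershell
# Versions the article reports as not vulnerable.
$fixed = @{
    Business = [version]'2.0.1'   # Dell SupportAssist for Business PCs
    Home     = [version]'3.2.2'   # Dell SupportAssist for Home PCs
}

# Standard per-machine uninstall registry locations (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: the product's DisplayName contains "SupportAssist".
# Other entries that merely contain that string will also match, so review
# the Name column before acting on the Status column.
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SupportAssist*' }

if (-not $installed) {
    Write-Output 'No SupportAssist entry found in the uninstall registry keys.'
    return
}

foreach ($app in $installed) {
    # Assumption: the business edition has "Business" in its DisplayName;
    # anything else is compared against the Home threshold.
    $edition = if ($app.DisplayName -like '*Business*') { 'Business' } else { 'Home' }

    # -as returns $null instead of throwing when the string is not a version.
    $current = $app.DisplayVersion -as [version]

    $status = if ($null -eq $current) {
        'UNKNOWN, check manually'
    } elseif ($current -ge $fixed[$edition]) {
        'At or above the fixed version'
    } else {
        'BELOW the fixed version, update'
    }

    [pscustomobject]@{
        Name      = $app.DisplayName
        Installed = $app.DisplayVersion
        FixedIn   = $fixed[$edition]
        Status    = $status
    }
}
```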