Millions of Dell PCs vulnerable to attack, due to a flaw in bundled system-health software

Millions of Dell PCs and laptops running Windows are vulnerable to attack via a high severity security hole, that could be exploited by malicious hackers to hijack control over devices.

AWS Builder Community Hub

In a support advisory published on its website, Dell reveals that the problem lies within SupportAssist, troubleshooting software bundled with the company’s home user and business PCs.

Specifically, the problem lies in Dell SupportAssist which the PC manufacturer describes as “the industry’s first automated proactive and predictive support technology.

In its promotional material, Dell claims SupportAssist “proactively checks the health of your system’s hardware and software. When an issue is detected, the necessary system state information is sent to Dell for troubleshooting to begin. Dell will contact you to start the resolution conversation, preventing issues from becoming costly problems.”

However, security researcher Peleg Hadar discovered that the PC Doctor component of SupportAssist contains a DLL hijacking vulnerability, which can be exploited during an attack to gain system-level privileges.

Through this mechanism a hacker could easily gain control of a targeted computer.

As the SupportAssist software is pre-installed on millions of Dell PCs and laptops, there’s plenty of incentive for online criminals to try to take advantage of the flaw.

But there’s worse news. Dell doesn’t actually make the SupportAssist software. It’s written by Nevada-based diagnostic software specialist PC Doctor who also license their technology to other PC manufacturers to bundle it – rebranded – with their own PCs and laptops.

According to Hadar, other affected products include:

  • PC-Doctor Toolbox for Windows
  • CORSAIR ONE Diagnostics
  • CORSAIR Diagnostics
  • Staples EasyTech Diagnostics
  • Tobii I-Series Diagnostic Tool
  • Tobii Dynavox Diagnostic Tool

So, the scale of the problem is likely to reach further than just Dell customers. PC Doctor claims on its website that “leading computer makers have pre-installed over 100 million copies of PC-Doctor for Windows on computer systems worldwide.”

Hadar reported the vulnerability to Dell on 29 April, who confirmed the problem and forwarded details to PC Doctor on 21 May. A patch was issued by Dell on 28 May, and should mean that any Dell computers which are configured to receive automatic updates are already patched.

Dell users concerned that their computers may be vulnerable should check what versions of SupportAssist they have installed on their PCs and laptops. Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2 are said not to be vulnerable to the security hole.

However, if your Dell computer does not have automatic updates turned on, or if you have a different brand of computer that is running the vulnerable code, then you really should take action now and apply updates.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Graham Cluley. Read the original post at: