Millions of Dell PCs at risk due to vulnerability in SupportAssist tool

Millions of Dell PCs running Windows have been identified with a serious security flaw that allows attackers system-level access to hardware and software, according to a blog post from California-based cybersecurity SafeBreach Labs.

According to Dell, the vulnerability, CVE-2019-12280, was discovered in Dell’s SupportAssist application for Business (version 2.0) and Home PCs (version 3.2.1 and prior).

For those unaware, SupportAssist is a software which is preinstalled on most Dell PCs to proactively examine the health of the system’s hardware and software.

Also read- One Million Windows PCs Exposed To “Wormable” BlueKeep Bug

However, the SupportAssist software is not made by Dell but by PC-Doctor, a company that develops hardware-diagnostic software and licenses it to other electronic-device makers.

Although SafeBreach did not provide any proof that hackers exploited the vulnerability, it did warn that it is possible to “exploit this vulnerability in order to load an arbitrary unsigned DLL into a service that runs as SYSTEM, achieving privilege escalation and persistence”. A DLL is a file format used for holding multiple processes for Windows programs.

Peleg Hadar, a SafeBreach researcher said, “The vulnerability provides the ability to be loaded and executed by a signed service. This ability might be abused by an attacker for different purposes such as execution and evasion, for example, application whitelisting bypass [and] signature validation bypassing.”

In other words, a hacker could make the computer run code that it might otherwise reject.

SafeBreach contacted Dell and reported the vulnerability on April 29, 2019, which in turn referred it to PC-Doctor. On May 28, 2019, Dell released fixes provided by PC-Doctor for affected SupportAssist versions in Dell PCs.

Later, Dell issued a security advisory notice to its users asking them to update to the latest versions to fix the flaw found within the PC-Doctor component.

“Dell SupportAssist is not made by PC-Doctor. The vulnerability discovered by SafeBreach is a PC-Doctor vulnerability, which is a third-party component that ships with Dell SupportAssist for PCs. More than 90 percent of customers to date have received the update, released on May 28, 2019, and are no longer at risk.

Dell SupportAssist updates automatically if automatic updates are enabled, and most customers have automatic updates turned on,” Dell told in a statement issued to Tom’s Guide.

Dell has recommended Business and home PC users to update their software to Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2 respectively.

When SafeBreach researchers contacted PC-Doctor to know the exact number of clients affected, it refused to divulge any details. However, the PC-Doctor website states that “leading manufacturers have installed over 100 million copies of PC-Doctor for Windows on computer systems worldwide.” This means besides Dell PCs, other original equipment manufacturers that depend on PC-Doctor are also affected.

LEAVE A REPLY

Please enter your comment!
Please enter your name here