Dell Says Millions of PCs at Risk Due to Critical Flaw in SupportAssist Tool; Fix Issued

Dell has already released a patch for the vulnerability.

Share on Facebook Tweet Snapchat Share Reddit Comment
Dell Says Millions of PCs at Risk Due to Critical Flaw in SupportAssist Tool; Fix Issued

Dell PCs are at risk of remote attack due to newly discovered bug

Highlights
  • The problem lies in the PC-Doctor component of SupportAssist app
  • Dell has issued an update for SupportAssist tool with the fix
  • Users are advised to update the tool immediately

A new vulnerability has been discovered in Dell computers that have left millions of systems at risk of a privilege-escalation attack. Dell has released a security advisory warning for all of its consumers to update their laptops and PCs to patch the said vulnerability. The flaw was once agani found in the SupportAssist tool that is bundled with every Dell computer, and this vulnerability was first spotted by SafeBreach. The CVE-2019-12280 vulnerability exists in SupportAssist app for business v2.0 and home PCs v 3.2.1 and prior.

As mentioned, SafeBreach was the one that discovered the flaw and reported this vulnerability. It allows hackers to take over the machine and read the physical memory stored onboard. The problem lies in the SupportAssist tool that is bundled with nearly every Dell computer. The vulnerability lies in the PC-Doctor component. SafeBreach warns that it is possible to "exploit this vulnerability in order to load an arbitrary unsigned DLL into a service that runs as SYSTEM, achieving privilege escalation and persistence". The firm notes that there could well be over 100 million Dell systems that may be affected. Notably, this is the second major vulnerability in the SupportAssist tool found in 2019, with another reported in March.

Dell has already issued an update and "recommends all customers to update at the earliest opportunity." If auto-update is enabled, then the company should have already updated SupportAssist for Business PCs and SupportAssist for Home PCs automatically. However, a whole step-by-step guide can also be found on its security advisory page.

The company further told Tom's Guide, “Dell SupportAssist is not made by PC-Doctor. The vulnerability discovered by SafeBreach is a PC-Doctor vulnerability, which is a third-party component that ships with Dell SupportAssist for PCs. More than 90 percent of customers to date have received the update, released on May 28, 2019, and are no longer at risk. Dell SupportAssist updates automatically if automatic updates are enabled, and most customers have automatic updates turned on.”

All Dell PC and laptop users are advised to check if they are updated to the latest version of SupportAssist. You need to be on Dell SupportAssist for Business PCs version 2.0.1 or Dell SupportAssist for Home PCs version 3.2.2 to ensure that you are safe from any unwanted attacks.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Dell, SupportAssist, SafeeBreach
Tasneem Akolawala Tasneem Akolawala is a Senior Reporter for Gadgets 360. Her reporting expertise encompasses smartphones, wearables, apps, social media, and the overall tech industry. She reports out of Mumbai, and also writes about the ups and downs in the Indian telecom sector. Tasneem can be reached on Twitter at @MuteRiot, and leads, tips, and releases can be sent to tasneema@ndtv.com. More
Apple AirPort Wireless Routers Get Security Firmware Update: How to Download and Install
Microsoft to Launch Just One Next-Gen Xbox Console - Project Scarlett, Quietly Cancels Affordable Variant: Report

Related Stories

 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com