Dell Says Millions of PCs at Risk Due to Critical Flaw in SupportAssist Tool; Fix Issued

Dell has already released a patch for the vulnerability.

Share on Facebook Tweet Share Reddit Comment
Dell Says Millions of PCs at Risk Due to Critical Flaw in SupportAssist Tool; Fix Issued

Dell PCs are at risk of remote attack due to newly discovered bug

Highlights
  • The problem lies in the PC-Doctor component of SupportAssist app
  • Dell has issued an update for SupportAssist tool with the fix
  • Users are advised to update the tool immediately

A new vulnerability has been discovered in Dell computers that have left millions of systems at risk of a privilege-escalation attack. Dell has released a security advisory warning for all of its consumers to update their laptops and PCs to patch the said vulnerability. The flaw was once agani found in the SupportAssist tool that is bundled with every Dell computer, and this vulnerability was first spotted by SafeBreach. The CVE-2019-12280 vulnerability exists in SupportAssist app for business v2.0 and home PCs v 3.2.1 and prior.

As mentioned, SafeBreach was the one that discovered the flaw and reported this vulnerability. It allows hackers to take over the machine and read the physical memory stored onboard. The problem lies in the SupportAssist tool that is bundled with nearly every Dell computer. The vulnerability lies in the PC-Doctor component. SafeBreach warns that it is possible to "exploit this vulnerability in order to load an arbitrary unsigned DLL into a service that runs as SYSTEM, achieving privilege escalation and persistence". The firm notes that there could well be over 100 million Dell systems that may be affected. Notably, this is the second major vulnerability in the SupportAssist tool found in 2019, with another reported in March.

Dell has already issued an update and "recommends all customers to update at the earliest opportunity." If auto-update is enabled, then the company should have already updated SupportAssist for Business PCs and SupportAssist for Home PCs automatically. However, a whole step-by-step guide can also be found on its security advisory page.

The company further told Tom's Guide, “Dell SupportAssist is not made by PC-Doctor. The vulnerability discovered by SafeBreach is a PC-Doctor vulnerability, which is a third-party component that ships with Dell SupportAssist for PCs. More than 90 percent of customers to date have received the update, released on May 28, 2019, and are no longer at risk. Dell SupportAssist updates automatically if automatic updates are enabled, and most customers have automatic updates turned on.”

All Dell PC and laptop users are advised to check if they are updated to the latest version of SupportAssist. You need to be on Dell SupportAssist for Business PCs version 2.0.1 or Dell SupportAssist for Home PCs version 3.2.2 to ensure that you are safe from any unwanted attacks.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Further reading: Dell, SupportAssist, SafeeBreach
Tasneem Akolawala When not expelling tech wisdom, Tasneem feeds on good stories that strike on all those emotional chords. She loves road trips, a good laugh, and interesting people. She binges on movies, sitcoms, food, books, and DIY videos. More
Apple AirPort Wireless Routers Get Security Firmware Update: How to Download and Install
Microsoft to Launch Just One Next-Gen Xbox Console - Project Scarlett, Quietly Cancels Affordable Variant: Report
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.