Dell warning: Patch our Windows 10 PCs now to stop attackers taking control
Dell has released a second patch in as many months for its laptop bloatware known as SupportAssist, a utility that’s meant to help solve problems but which could give hackers a way to compromise a vulnerable computer.
Dell has released updates for SupportAssist for Business and SupportAssist for Home due to vulnerabilities found in a component called PC Doctor, a product from a US vendor that sells diagnostics software to hardware OEMs to monitor a system’s health.
It’s likely this bug has a wide impact because SupportAssist ships with most Dell laptops and computers running Windows 10.
Dell patched a serious bug in SupportAssist in April after an independent security researcher found the support tool could be used by remote attackers to take over millions of vulnerable systems.
While that bug resided in Dell’s SupportAssist code itself, this vulnerability sits inside a third-party software library provided by PC Doctor, called ‘Common.dll’. That means it could affect PCs from other OEMs that use PC Doctor software.
In an advisory, Dell is urging users of its hardware to update to Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2.
The bug, tracked as CVE-2019-12280, affects SupportAssist for Business PCs version 2.0 and SupportAssist for Home PCs version 3.2.1 and earlier. Dell rates the bug as a high-severity issue.
PC Doctor for its part says it is the “world’s leading hardware diagnostic and system information tool [that] keeps your devices running their best”, offering OEMs “hardware diagnostics, advanced system information, system history, monitoring tools, and more”.
Peleg Hadar, a researcher from security firm SafeBreach, reported the bug to Dell and has posted a detailed explanation of the problem.
On Windows 10 Dell machines, a high-privilege service called ‘Dell Hardware Support’ searches for several software libraries (DLLs) that a local attacker could tamper with to escalate privileges.
Hadar explains that a regular user could replace one of these libraries with one of their own and so achieve code execution with operating-system-level privileges. The library in question is a utility library used by PC Doctor, Common.dll.
Hadar notes that the “program doesn’t validate whether the DLL that it will load is signed”, which means “it will load an arbitrary unsigned DLL”.
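The two conditions that make this class of bug exploitable are visible from the outside: a privileged service loads a DLL that is unsigned (or whose signature is not validated), and the directory it loads from can be written by a regular user. The following PowerShell audit is an added example, not code from the article, Dell or PC Doctor; it takes a service name as a placeholder parameter, resolves the service's install directory, and reports every DLL there together with its Authenticode status and whether low-privilege principals can write to the directory. Only `Get-CimInstance`, `Get-Acl` and `Get-AuthenticodeSignature` from standard PowerShell are used.

```powershell
# Added example (not from the article or from Dell/PC Doctor): audit a service's
# install directory for the two conditions behind the bug described above:
#   1. a DLL that is unsigned or carries an invalid signature, and
#   2. a directory that non-administrative users can write to.
# $ServiceName is a placeholder; pass the internal name of the service under review.
param(
    [string]$ServiceName = 'PLACEHOLDER-ServiceName'   # hypothetical value
)

# Resolve the service's binary path (Win32_Service.PathName may be quoted and carry arguments).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found." }
$exePath = $svc.PathName -replace '^"([^"]+)".*$', '$1'   # strip quotes and trailing arguments
$exePath = $exePath -replace '^(\S+\.exe).*$', '$1'       # unquoted path followed by arguments
$dir = Split-Path -Parent $exePath

# Well-known SIDs whose write access would let an ordinary user drop a DLL into the directory.
$lowPrivSids = @(
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-11',      # Authenticated Users
    'S-1-1-0'        # Everyone
)
# Any of these bits in an Allow ACE is enough to create or overwrite a file.
$writeMask = [System.Security.AccessControl.FileSystemRights]::WriteData -bor
             [System.Security.AccessControl.FileSystemRights]::AppendData

function Test-LowPrivWritable([string]$Path) {
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if (($lowPrivSids -contains $sid) -and (($ace.FileSystemRights -band $writeMask) -ne 0)) {
            return $true
        }
    }
    return $false
}

$dirWritable = Test-LowPrivWritable -Path $dir

Get-ChildItem -Path $dir -Filter '*.dll' -Recurse | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    $subdirWritable = Test-LowPrivWritable -Path $_.DirectoryName
    # 'Valid' is the only acceptable status; NotSigned, HashMismatch etc. are findings.
    $finding = if ($sig.Status -ne 'Valid') { 'unsigned or invalid signature' } else { '' }
    if ($dirWritable -or $subdirWritable) { $finding = ($finding, 'low-privilege users can write here') -join '; ' }
    [pscustomobject]@{
        Dll             = $_.FullName
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        LowPrivWritable = ($dirWritable -or $subdirWritable)
        Finding         = $finding.Trim('; ')
    }
} | Format-Table -AutoSize
```

Run it from an elevated prompt so `Get-Acl` can read every directory. A DLL that shows both an invalid signature and a writable directory matches the pattern the researcher describes; the mitigation on the vendor side is to load DLLs by absolute path and verify their signature before loading, and on the administrator side to remove write access for non-administrators from service directories and apply the vendor's update.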
Other hardware could be affected by products that use PC Doctor as their base for similar diagnostic services. These products include Corsair One Diagnostics, Corsair Diagnostics, Staples EasyTech diagnostics, Tobii I-Series diagnostic tool, and Tobii Dynavox diagnostic tool.