SupportAssist Flaw Affects Millions of Dell PCs

Walden Systems Geeks Corner news SupportAssist Flaw Affects Millions of Dell PCs Rutherford NJ New Jersey NYC New York City North Bergen County
CielView-Server minimizes redundancy in computing resources while allowing users remote desktop access to virtualized user Desktops. CielView-Desktop provides customized solutions to each user in an organization

Millions of PCs made by Dell and other PC manufacturers are vulnerable to a flaw stemming from a component that is pre-installed called SupportAssist software. The flaw could enable a remote hacker to completely takeover affected devices. The high-severity vulnerability,CVE-2019-12280, comes from a component in SupportAssist, a proactive monitoring software pre-installed on PCs with automatic failure detection and notifications for Dell systems. That component is made by a company called PC-Doctor, which develops hardware-diagnostic software for various PC and laptop original equipment manufacturers.

According to Dell's website, SupportAssist is preinstalled on most of Dell devices running Windows, which means that as long as the software is not patched, this vulnerability probably affects many Dell users. A patch has been issued by PC-Doctor that fixes the affected devices. Customers can find the latest version of SupportAssist here. Dell sought to downplay the flaw, stating that customers are urged to turn on automatic updates or manually update their SupportAssist software. According to a Dell spokesman, because most customers have automatic updates enabled, around 90 percent of customers to date have received the patch.


According to Dell, the vulnerability discovered by SafeBreach is a PC Doctor vulnerability, a third-party component that ships with Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs. PC Doctor has moved quickly to release the fix to Dell. Dell implemented the patch and released updates on May 28, 2019 for the affected SupportAssist versions.

The flaw comes from a component in SupportAssist, which checks the health of system hardware and software and requires high permissions. The vulnerable PC-Doctor component is a signed driver installed in SupportAssist. This allows SupportAssist to access the hardware such as physical memory or PCI. The component has a dynamic link library loading vulnerability glitch that could allow a hacker to load an arbitrary unsigned DLL into the service. When loading a DLL into the program, no digital certificate validation is made against the binary. The program doesn’t validate whether the DLL that it will load is signed. Therefore, it will load an arbitrary unsigned DLL without any hesitation.

PC-Doctor did not disclose who the other affected OEMs are, but did say that patches have been released to address it. PC-Doctor became aware of an uncontrolled search path element vulnerability in PC-Doctor's Dell Hardware Support Service and PC-Doctor Toolbox for Windows. They found that his vulnerability allows local users to gain privileges and conduct DLL hijacking attacks via a trojan horse DLL located in an unsecured directory. According to PC-Doctor, it has already released updates to all affected products to address the issue.