Major security flaw hits Dell PCs - and potentially millions of other laptops

Joanna Estrada
June 23, 2019

The flaw, according to Dell's advisory, sits in a system health-check utility tool that comes bundled in with millions of Dell machines, and if left unpatched could result in privilege escalation vulnerabilities being available for cyber crims to exploit. The vulnerability exploits a security hold in software manufactured by PC-Doctor that is used as part of Dell SupportAssist software.

"Leading computer makers have pre-installed over 100 million copies of PC-Doctor for Windows on computer systems worldwide", states the website, meaning the vulnerability also affects other original equipment manufacturers that rely on PC-Doctor.

Dell has released a security alert letting customers know that they should update SupportAssist for both business and home PCs. Being aware of the security threat, Dell has released two security patches for SupportAssist in as many months.

As mentioned, SafeBreach was the one that discovered the flaw and reported this vulnerability. The reports reveal another high-level breach that allows any remote hacker to access root-level DLLs, and then insert malicious code at the deep system-level thereby taking over a system and gain access to the physical storage device of a laptop or a PC.

The affected module within SupportAssist is a version of PC-Doctor Toolbox found in a number of other applications, including Corsair ONE Diagnostics, Corsair Diagnostics, Staples EasyTech Diagnostics, Tobii I-Series Diagnostic Tool and Tobii Dynavox Diagnostic Tool. Dell's first priority is product security and helping our customers ensure the security of their data and systems.

If you are using Dell SupportAssist for Business PCs version 2.0, or Dell SupportAssist for Home PCs version 3.2.1 or an earlier version, your system is vulnerable. To avoid duplication, most OS's store pieces of code in common folders termed as Direct link libraries in Windows.

Peleg Hadar, a SafeBreach researcher said, "The vulnerability provides the ability to be loaded and executed by a signed service. We searched for a DLL which imports the PhysicalMemory::read function and uses it, so we could quickly understand how to use this function".

The flaw that allows malicious parties to take over PCs affects Dell SupportAssist for Business PCs version 2.0, as well as Dell SupportAssist for Home PCs version 3.2.1 and all prior versions.

Although SafeBreach did not provide any proof that hackers exploited the vulnerability, it did warn that it is possible to "exploit this vulnerability in order to load an arbitrary unsigned DLL into a service that runs as SYSTEM, achieving privilege escalation and persistence".

Other reports by Click Lancashire

Discuss This Article