Industry News

Millions of Dell PCs vulnerable to attack, due to a flaw in bundled system-health software

Millions of Dell PCs and laptops running Windows are vulnerable to attack via a high-severity security hole that could be exploited by malicious hackers to hijack control over the device.

In a support advisory published on its website, Dell reveals that the problem lies within a third-party component of SupportAssist, troubleshooting software bundled with the company’s home user and business PCs, which the PC manufacturer describes as “the industry’s first automated proactive and predictive support technology.”

In its promotional material, Dell claims SupportAssist “proactively checks the health of your system’s hardware and software. When an issue is detected, the necessary system state information is sent to Dell for troubleshooting to begin. Dell will contact you to start the resolution conversation, preventing issues from becoming costly problems.”

However, security researcher Peleg Hadar discovered that the PC Doctor component of SupportAssist contains a DLL hijacking vulnerability, which can be exploited during an attack to gain system-level privileges.

Through this mechanism a hacker could easily gain control of a targeted computer.

As the SupportAssist software is pre-installed on millions of Dell PCs and laptops, there’s plenty of incentive for online criminals to try to take advantage of the flaw.

But there’s worse news. Dell doesn’t actually make the software containing the vulnerability. It’s written by Nevada-based diagnostic software specialist PC Doctor, which also licenses its technology to other PC manufacturers to bundle – rebranded – with their own PCs and laptops.

According to Hadar, other affected products include:

  • PC-Doctor Toolbox for Windows
  • CORSAIR ONE Diagnostics
  • CORSAIR Diagnostics
  • Staples EasyTech Diagnostics
  • Tobii I-Series Diagnostic Tool
  • Tobii Dynavox Diagnostic Tool

So, the scale of the problem is likely to reach further than just Dell customers. PC Doctor claims on its website that “leading computer makers have pre-installed over 100 million copies of PC-Doctor for Windows on computer systems worldwide.”

Hadar reported the vulnerability to Dell on 29 April; Dell confirmed the problem and forwarded details to PC Doctor on 21 May. A patch was issued by Dell on 28 May, which should mean that any Dell computers configured to receive automatic updates are already patched.

Dell users concerned that their computers may be vulnerable should check what versions of SupportAssist they have installed on their PCs and laptops. Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2 are said not to be vulnerable to the security hole.

However, if your Dell computer does not have automatic updates turned on, or if you have a different brand of computer that is running the vulnerable code, then you really should take action now and apply updates.
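The version check the article recommends can be scripted. The following PowerShell snippet is an added example, not code from the article, from Dell or from PC Doctor. It reads the standard Windows Uninstall registry keys, looks for SupportAssist entries, and compares the installed version against the versions the article reports as not vulnerable (2.0.1 for Business PCs, 3.2.2 for Home PCs). It assumes that SupportAssist registers itself under those Uninstall keys with a DisplayName containing “SupportAssist” (and “Business” for the business edition), and that versions newer than the stated ones are also fixed; both are assumptions, not statements from the advisory.

```powershell
# Added example (not from the article, Dell or PC Doctor): report installed
# Dell SupportAssist versions and flag any that are older than the versions
# the article reports as not vulnerable.
#
# Assumptions (not stated in the advisory):
#   - SupportAssist appears under the standard Uninstall registry keys with a
#     DisplayName containing "SupportAssist" ("Business" marks the business edition).
#   - Versions at or above the fixed version are treated as patched.

$fixedVersions = @{
    'Home'     = [version]'3.2.2'   # Dell SupportAssist for Home PCs (from the article)
    'Business' = [version]'2.0.1'   # Dell SupportAssist for Business PCs (from the article)
}

# Both native and WOW6432Node keys, so 32-bit installs on 64-bit Windows are found too.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SupportAssist*' }

if (-not $installed) {
    Write-Output 'No SupportAssist installation found in the Uninstall registry keys.'
    return
}

foreach ($app in $installed) {
    # Assumption: the business edition carries "Business" in its display name.
    $edition = if ($app.DisplayName -match 'Business') { 'Business' } else { 'Home' }
    $fixed   = $fixedVersions[$edition]

    # DisplayVersion is a string; parse it so the comparison is numeric, not lexical
    # (a plain string compare would wrongly rank "3.10.0" below "3.2.2").
    try   { $current = [version]$app.DisplayVersion }
    catch { $current = $null }

    $status = if ($null -eq $current) {
        'UNKNOWN (could not parse DisplayVersion)'
    } elseif ($current -lt $fixed) {
        "NEEDS UPDATE (older than $fixed)"
    } else {
        "OK (at or newer than $fixed)"
    }

    [pscustomobject]@{
        Product = $app.DisplayName
        Edition = $edition
        Version = $app.DisplayVersion
        Status  = $status
    }
}
```

Run it in an elevated PowerShell session so the HKLM keys are readable; a “NEEDS UPDATE” result means the machine should be updated through SupportAssist or Dell’s support site rather than left to chance. Other vendors’ rebranded PC-Doctor builds listed above will not match the “SupportAssist” name, so for those the DisplayName filter would need to be changed to the product name in question.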

About the author

Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

2 Comments


  • Every new laptop seems to be infested with rubbish software of little value to the user. I try to remove such software (always after first copying the recovery partition) and as a last resort will do a fresh install of Windows. We presumably have to pay for this worthless software, which is not infrequently a security risk and often causes difficulties or irritations in use.

    • Totally agree with you, Chris. Not sure if they are always pretending to develop rubbish software, but it seems that very often that is what they develop.
      Anyhow, these programs should be reduced to 1/2 basic utilities and the other ones should only be advised as downloadable.
      Best.