Major security flaw hits Dell PCs – and potentially millions of other laptops

[Image: Dell XPS 13 2-in-1. Image credit: TechRadar]

A major vulnerability has been discovered in a system health-check utility installed on millions of Dell PCs, and while the hole has been patched, if you’re running this software, you need to make sure that your version of the tool is up-to-date – or run the risk of getting your machine hacked.

Perhaps even more worryingly, this privilege escalation vulnerability could be present on other PC manufacturers’ machines – seemingly to the tune of 100 million devices – and we’ll come back to that shortly.

In Dell PCs, the problem pertains to the firm’s pre-installed SupportAssist app, although the actual security flaw is in PC-Doctor, a third-party component of Dell’s support utility.

As uncovered by security firm SafeBreach, the vulnerability (CVE-2019-12280) allows an attacker to craft an unsigned DLL which the software then loads without verifying, and this can be used to execute a malicious payload.

Dell assures us, however, that the vast majority of customers have already been patched. The PC maker told Tom’s Guide: “More than 90% of customers to date have received the update, released on May 28, 2019, and are no longer at risk. Dell SupportAssist updates automatically if automatic updates are enabled, and most customers have automatic updates turned on.”

If you don’t have automatic updates enabled, though, you need to make sure that you get your PC patched up pronto. You should be running Dell SupportAssist for Home PCs version 3.2.2, or Dell SupportAssist for Business PCs version 2.0.1, to be protected from the problem.

So you can either turn on automatic updates in SupportAssist, or check out Dell’s instructions for manually updating here. Whatever you do, just make sure you get patched.

Widespread impact?

As we said at the outset, though, perhaps the most disturbing revelation here is not about Dell machines, but the other PC vendors out there who also use PC-Doctor – as they may not have been patched so (apparently) effectively, or indeed not patched at all.

According to PC-Doctor itself: “Leading manufacturers have installed over 100 million copies of PC-Doctor for Windows on computer systems worldwide.”

Unfortunately, the company doesn’t mention which ‘leading manufacturers’ also use its software tool. And a further complication is that some manufacturers use a rebranded version of the utility, so it may not even be called PC-Doctor.

Other names for the software, according to SafeBreach, include Corsair Diagnostics and Staples EasyTech Diagnostics, among others.

The former would seem to indicate that PCs sold by Corsair may have an issue, which may or may not have been patched, but obviously we can’t jump to any conclusions.

What we need is for the relevant vendors and/or the maker of PC-Doctor to step forward and clarify where any further risks might be present; and this needs to happen quickly.
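Two things a reader can check for themselves follow from the article: whether the installed SupportAssist meets the fixed versions quoted above (3.2.2 for Home, 2.0.1 for Business), and whether PC-Doctor is present under one of the rebranded names SafeBreach lists. The PowerShell below is an added example written for this page; it is not code from TechRadar, Dell, SafeBreach or PC-Doctor. It assumes that the products register themselves under the standard Windows uninstall registry keys with a DisplayName matching the product names given in the article (an assumption; a vendor may use a different string) and that the optional InstallLocation value points at the folder holding the utility's components. Because the flaw was a DLL loaded without its signature being checked, the second function lists every DLL in that folder whose Authenticode signature is not valid, which is where a planted file would show up.

```powershell
# Added example for this article (not vendor code). Run in an elevated PowerShell session.

# Fixed versions quoted in the article.
$MinimumVersions = @{
    Home     = [version]'3.2.2'   # Dell SupportAssist for Home PCs
    Business = [version]'2.0.1'   # Dell SupportAssist for Business PCs
}

# Product names given in the article for PC-Doctor and its rebrands (wildcard matches).
# That these strings appear as DisplayName values is an assumption.
$KnownNames = @(
    'Dell SupportAssist*',
    'PC-Doctor*',
    'Corsair Diagnostics*',
    'Staples EasyTech Diagnostics*'
)

function Get-InstalledPrograms {
    # Enumerate both the 64-bit and the 32-bit (WOW6432Node) uninstall hives.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName }
}

function Find-PcDoctorInstalls {
    # Report every matching product; judge patch state only where the article gives a fixed version.
    foreach ($p in Get-InstalledPrograms) {
        foreach ($pattern in $KnownNames) {
            if ($p.DisplayName -like $pattern) {
                $version = $p.DisplayVersion -as [version]   # $null if the string is not a version
                $patched = $null
                if ($p.DisplayName -like 'Dell SupportAssist*' -and $version) {
                    $min = if ($p.DisplayName -like '*Business*') { $MinimumVersions.Business } else { $MinimumVersions.Home }
                    $patched = $version -ge $min
                }
                [pscustomobject]@{
                    Product         = $p.DisplayName
                    Version         = $p.DisplayVersion
                    InstallLocation = $p.InstallLocation    # may be empty; not every installer sets it
                    Patched         = $patched              # $null = no fixed version known from the article
                }
                break
            }
        }
    }
}

function Test-DllSignatures {
    param([Parameter(Mandatory)][string]$Directory)
    # List DLLs under the directory whose Authenticode signature is anything other than Valid.
    Get-ChildItem -Path $Directory -Filter '*.dll' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path   = $_.FullName
                Status = $sig.Status    # Valid, NotSigned, HashMismatch, UnknownError, ...
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        } |
        Where-Object { $_.Status -ne 'Valid' }
}

# Usage: inventory first, then audit the DLLs of every install whose location is recorded.
$found = Find-PcDoctorInstalls
$found | Format-Table -AutoSize
foreach ($f in ($found | Where-Object { $f = $_; $_.InstallLocation })) {
    Write-Host "Unsigned or invalid DLLs under $($f.InstallLocation):"
    Test-DllSignatures -Directory $f.InstallLocation | Format-Table -AutoSize
}
```

A Patched value of False means the installed SupportAssist is older than the version the article names and should be updated; a value of $null means the product was found but the article gives no fixed version for it, which is exactly the situation the text describes for rebranded copies, so the DLL signature listing is the only check available there. An empty result from Test-DllSignatures means every DLL in that folder carries a valid signature; it does not prove the loader verifies them, so updating remains the fix.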

Jake Moore, cybersecurity specialist at ESET, told us: “This vulnerability highlights the issue of third party applications that are given partial access and could potentially be exploited by malware to gain administrator rights.

“It also highlights the threat caused by rogue insiders and could cause companies to lose brand confidence even when it isn’t entirely their fault. Many PCs could be affected and as usual it is vitally important that these machines are updated to the latest version.”