Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

douglas9

(4,481 posts)
Sat Jun 22, 2019, 08:46 AM Jun 2019

Millions of Dell PCs Vulnerable to Flaw in Third-Party Component

Millions of PCs made by Dell and other OEMs are vulnerable to a flaw stemming from a component in pre-installed SupportAssist software. The flaw could enable a remote attacker to completely takeover affected devices.

The high-severity vulnerability (CVE-2019-12280) stems from a component in SupportAssist, a proactive monitoring software pre-installed on PCs with automatic failure detection and notifications for Dell devices. That component is made by a company called PC-Doctor, which develops hardware-diagnostic software for various PC and laptop original equipment manufacturers (OEMs).

“According to Dell’s website, SupportAssist is preinstalled on most of Dell devices running Windows, which means that as long as the software is not patched, this vulnerability probably affects many Dell users,” Peleg Hadar, security researcher with SafeBreach Labs – who discovered the breach – said in a Friday analysis.

https://threatpost.com/millions-of-dell-pcs-vulnerable-to-flaw-in-third-party-component/145833/

2 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Millions of Dell PCs Vulnerable to Flaw in Third-Party Component (Original Post) douglas9 Jun 2019 OP
Not just Dell. This flaw may be in hundreds of millions of PCs. Eugene Jun 2019 #1
Concerned windows users do this: Brainfodder Jun 2019 #2

Eugene

(62,736 posts)
1. Not just Dell. This flaw may be in hundreds of millions of PCs.
Sun Jun 23, 2019, 01:26 PM
Jun 2019

Source: Forbes

Jun 22, 2019, 06:30pm

Warning Issued For Millions Of Microsoft Windows 10 Users

Gordon Kelly Senior Contributor
Consumer Tech
I write about technology's biggest companies

Windows 10 has enough problems to deal with right now. But Microsoft’s partners just made things a lot worse.

Picked up by Gizmodo, acclaimed Californian security company SafeBreach has revealed that software pre-installed on PCs has left “millions” of users exposed to hackers. Moreover, that estimate is conservative with the number realistically set to be hundreds of millions.

The flaw lies in PC-Doctor Toolbox, systems analysis software which is rebadged and pre-installed on PCs made by some of the world’s biggest computer retailers, including Dell, its Alienware gaming brand, Staples and Corsair. Dell alone shipped almost 60M PCs last year and the company states PC-Doctor Toolbox (which it rebrands as part of ‘SupportAssist’) was pre-installed on “most” of them.


What SafeBreach has discovered is a high-severity flaw which allows attackers to swap-out harmless DLL files loaded during Toolbox diagnostic scans with DLLs containing a malicious payload. The injection of this code impacts both Windows 10 business and home PCs and enables hackers to gain complete control of your computer.

-snip-


Read more: https://www.forbes.com/sites/gordonkelly/2019/06/22/microsoft-windows-10-problem-warning-dell-diagnostics-security-upgrade-windows/#147022a63f28

Brainfodder

(7,181 posts)
2. Concerned windows users do this:
Tue Jun 25, 2019, 02:55 PM
Jun 2019

Look for: (in bold)

The flaw lies in PC-Doctor Toolbox, systems analysis software which is rebadged and pre-installed on PCs made by some of the world’s biggest computer retailers, including Dell, its Alienware gaming brand, Staples and Corsair. Dell alone shipped almost 60M PCs last year and the company states PC-Doctor Toolbox (which it rebrands as part of ‘SupportAssist’) was pre-installed on “most” of them.

Using the search box within Windows 10, if you have it installed, should probably find it.

I build my own system, so I don't have pre-installed squatters when I start a new system except the ones already inside Windows 10.

How to be rid of it, there are likely already plenty of web sites with details, go look for it?

Latest Discussions»Help & Search»Computer Help and Support»Millions of Dell PCs Vuln...