Dell fixes high-risk vulnerability in pre-installed SupportAssist software

Dell pushed out fixes for a high-risk vulnerability in its pre-installed SupportAssist software and urges users who don’t have auto updating enabled to upgrade the software manually.


About the vulnerability (CVE-2019-12280)

Dell SupportAssist software, which comes pre-installed on most Dell laptops and computers running Windows, has administrator-level access to the operating system (via a signed driver) because it must be able to identify issues, run diagnostics and driver-update scans, and install drivers.

In May, researcher Bill Demirkapi discovered a remote code execution vulnerability that can be triggered by tricking a victim user into downloading and executing arbitrary executables.

This new flaw (CVE-2019-12280) may allow a remote attacker to load an arbitrary unsigned DLL into a service that runs as SYSTEM, achieving privilege escalation and persistence.

“After an attacker exploits the flaw, he gains execution as SYSTEM within a signed service, and he can basically do whatever he wants, including using PC-Doctor signed kernel driver to read and write physical memory,” explained Peleg Hadar, Security Researcher at SafeBreach Labs, who also provided more technical and exploitation details.
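The core of the flaw described above is an unsigned DLL being loaded into a service running as SYSTEM. One thing a defender can do on a fleet is enumerate the modules loaded by a given service process and flag any that lack a valid Authenticode signature. The script below is an added example and is not code from the article, Dell or PC-Doctor; the default process name is a placeholder that you replace with the executable name of the service you want to audit.

```powershell
# Added example, not code from the article, Dell or PC-Doctor.
# Lists DLLs loaded into a running service process whose Authenticode
# signature is missing or invalid. Run from an elevated PowerShell session:
# enumerating the modules of a SYSTEM process needs administrator rights,
# and the PowerShell bitness should match that of the target process.
param(
    # ASSUMPTION: placeholder name; replace with the service executable's
    # name (without the .exe extension) on the machine being audited.
    [string]$ProcessName = 'TargetServiceProcess'
)

$procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
if (-not $procs) {
    Write-Warning "No running process named '$ProcessName' was found."
    return
}

foreach ($p in $procs) {
    # .Modules can throw on a bitness mismatch or when rights are insufficient
    try {
        $modules = $p.Modules
    } catch {
        Write-Warning "Cannot enumerate modules of PID $($p.Id): $_"
        continue
    }

    foreach ($m in $modules) {
        $sig = Get-AuthenticodeSignature -FilePath $m.FileName
        # Anything other than 'Valid' is worth a look. Note that some OS files
        # are catalog-signed rather than embedded-signed and can report
        # NotSigned here, so treat the output as a triage list, not a verdict.
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Process = $p.ProcessName
                PID     = $p.Id
                Module  = $m.FileName
                Status  = $sig.Status
                Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
            }
        }
    }
}
```

Pipe the output to `Format-Table -AutoSize` or `Export-Csv` to compare results across machines; a DLL that appears in a user-writable path with status `NotSigned` inside a SYSTEM service is exactly the pattern this vulnerability class produces.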

The vulnerability was unearthed by SafeBreach researchers, who later realized that it affects Dell SupportAssist components written and maintained by PC-Doctor, a Nevada-based diagnostic software firm, and that it also affects additional OEMs that use a rebranded version of the PC-Doctor Toolbox for Windows software components.

These include CORSAIR ONE Diagnostics, CORSAIR Diagnostics, Staples EasyTech Diagnostics, Tobii I-Series Diagnostic Tool and Tobii Dynavox Diagnostic Tool. According to PC-Doctor, “leading computer makers have pre-installed over 100 million copies of PC-Doctor for Windows on computer systems worldwide.”

Fixing the flaw

PC-Doctor pushed out fixes and made them available to OEMs in late May and early June, and Dell released them in late May.

Users who have auto updating enabled have already received them; those who haven’t are urged to download the updated (fixed) software and install it themselves.

Business users should upgrade to Dell SupportAssist for Business PCs version 2.0.1, and home users to Dell SupportAssist for Home PCs version 3.2.2.
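To confirm that a machine actually carries one of the fixed versions named above, the installed-program entries in the registry can be checked against them. The script below is an added example and is not code from the article, Dell or PC-Doctor; it assumes that the two products register an uninstall entry whose DisplayName contains "SupportAssist" and that the business edition's name contains "Business", so adjust the patterns if the names on your build differ.

```powershell
# Added example, not code from the article, Dell or PC-Doctor.
# Compares installed Dell SupportAssist versions (from the registry uninstall
# entries) against the fixed versions the article names.
$fixed = @{
    'Business' = [version]'2.0.1'   # Dell SupportAssist for Business PCs
    'Home'     = [version]'3.2.2'   # Dell SupportAssist for Home PCs
}

# Both the native and the WOW6432Node uninstall hives are checked, since
# 32-bit installers on 64-bit Windows register under the latter.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SupportAssist*' } |   # ASSUMPTION: DisplayName wording
    ForEach-Object {
        # ASSUMPTION: the business edition's DisplayName contains 'Business';
        # anything else is treated as the home edition.
        $edition   = if ($_.DisplayName -match 'Business') { 'Business' } else { 'Home' }
        $required  = $fixed[$edition]
        # -as returns $null instead of throwing if DisplayVersion is not parseable
        $installed = $_.DisplayVersion -as [version]

        $status = if (-not $installed)            { 'UnknownVersion' }
                  elseif ($installed -ge $required) { 'Patched' }
                  else                              { 'UPDATE NEEDED' }

        [pscustomobject]@{
            Product   = $_.DisplayName
            Installed = $_.DisplayVersion
            Required  = $required
            Status    = $status
        }
    }
```

No output means no uninstall entry matched the pattern, which is itself worth verifying rather than reading as "not installed"; a row with status `UPDATE NEEDED` or `UnknownVersion` is the signal to run the manual update the article describes.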
