Security flaw in Dell SupportAssist tool puts millions of Windows systems at risk

Black and chrome Dell logo

A Windows support tool bundled with Dell computers has a high-severity security hole that leaves millions of systems at risk of a privilege-escalation attack.

Dell has announced that both the Business and Home versions of its SupportAssist tool have a security vulnerability within the PC Doctor component that requires immediate patching. The discovery was made by SafeBreach, and there could be over 100 million systems that are affected.

See also:

The massive scale of the problem stems from the fact that Dell's SupportAssist tool includes PC-Doctor, which is licensed to other companies. It's developer brags that "leading manufacturers have installed over 100 million copies of PC-Doctor for Windows on computer systems worldwide". SafeBreach warns that it is possible to "exploit this vulnerability in order to load an arbitrary unsigned DLL into a service that runs as SYSTEM, achieving privilege escalation and persistence".

For now, it is only Dell that has issued a security advisory notice, although the company gives little detail about the problem.

If you are using Dell SupportAssist for Business PCs version 2.0, or Dell SupportAssist for Home PCs version 3.2.1 or an earlier version, your system is vulnerable. You need to update to at least Dell SupportAssist for Business PCs version 2.0.1 or Dell SupportAssist for Home PCs version 3.2.2.

In a statement issued to Tom's Guide, Dell said:

Dell SupportAssist is not made by PC-Doctor. The vulnerability discovered by SafeBreach is a PC-Doctor vulnerability, which is a third-party component that ships with Dell SupportAssist for PCs. More than 90 percent of customers to date have received the update, released on May 28, 2019, and are no longer at risk. Dell SupportAssist updates automatically if automatic updates are enabled, and most customers have automatic updates turned on.

If you'd prefer to update manually, here are the links you need:

Image credit: Mashka / Shutterstock

© 1998-2020 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.