upnorth

Dell's troubleshooting software SupportAssist, bundled with the US tech titan's home and business computers, has a security flaw that can be exploited by malware and rogue logged-in users to gain administrator powers.

The Texan system slinger today issued an advisory warning that its PC repair tool suffers a privilege-escalation vulnerability, CVE-2019-12280, and needs patching. We're told Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2 are the builds you need to fetch and install to kill off this high-severity hole. Affected versions of the software include Dell SupportAssist for Business PCs version 2.0, and Dell SupportAssist for Home PCs version 3.2.1 and all prior releases. The IT giant includes the Windows-based troubleshooting program with new desktops, notebooks, and tablets. Unfortunately, as eggheads at SafeBreach Labs discovered and privately reported, the software insecurely loads .dll files when run. Researcher Peleg Hadar told The Register SupportAssist, which runs with SYSTEM-level privileges, will automatically pull in unsigned code libraries from user-controlled folders. That means malware or dodgy users can leave their own .dll files in a path, wait for SupportAssist to blindly load them, and thus execute code within an admin context.
Dell is not alone in shipping PCs with this particular flaw. The reason for this is Dell doesn't actually make SupportAssist. The software itself is written and maintained by PC Doctor, a support and diagnostics software specialist that sells its code to PC makers that then rebrand the tools and bundle them into their own computer products. "Once we found and reported it to Dell, they reported it to PC Doctor," explained Hadar. "They said there are several OEMs that are affected by this."
 

Solarquest

....
This time, it can affect other laptop manufacturers that are also, like Dell, using rebranded versions of the same Windows package, which includes a component known as PC-Doctor Toolbox. Other companies known to make use of this same component in software packages include gaming brand Corsair, office supplies chain Staples, and eye-tracking company Tobii.
...
...
 

Burrito

I never really thought much about it... but I just had the assumption that Dell had software engineers developing a nice tool for all of us Dell owners to make sure that our systems are taken care of.

I never really considered that SupportAssist is just a generic knock-off of PC-Doctor.

So much for my thoughts that Dell is looking out for us and making sure that we get all the right drivers and updates...

No wonder half-the-time, SupportAssist doesn't work right....

Oh well.

Whatever.
 

DeepWeb

These support assistants with built-in remote assistance are poison.
@Vasudev to me it's not enough to remove them. I do a complete clean install the first time I buy any Windows computer and wipe the proprietary recovery partition. These OEMs are not helping anyone by having outdated bloatware on our computers.
 

Andy Ful

I also noticed that a Dell laptop can run twice as fast (no joke) after a clean Windows install with drivers loaded by Windows updates + some manual driver updates. :giggle:
 

Burrito

True.

I noticed this too after a "Malwarebytes accident." An MBAM update borked one of my laptops, and I decided to just do a clean Windows install vice going to a previous image.

I was actually concerned about losing all of the "Dell stuff" -- as I just assumed they must be helping us Dell owners.... right?

Once I saw the performance improvement without all the Dell stuff, I am no longer concerned with retaining Dell 'support' software.

The PC I'm on now has not been 'Dell Support Software Liberated' ---- yet.

 

mike6688

I was the same. First thing after a reinstall I would log in to Dell and reinstall everything.
However, last week I refreshed Windows and only installed SupportAssist and essential apps (I'll be removing SupportAssist now though). My laptop is running much better without all the Dell bloat.
 

Spawn

Solution: Uninstall.

FAQ:
  1. Will my computer still work? Yes
  2. Will I catch a virus? No

Search online to see the specifics of the software before uninstalling pre-installed manufacturer software.
 

CyberTech

That's a reason my sister-in-law has a Dell laptop; it's very slow, and the support is also annoying: it asks you to update Dell stuff/drivers. I uninstalled the support but not some of the Dell stuff. I would try it and see what happens... :emoji_fingers_crossed:
 

Andy Ful

Keep and do not change the factory partitions on the disk. They are required in the case of hardware failure. If you ask for technical help, the Dell staff will want to see the results of the tests, which can be run at boot. There is also a hidden partition for restoring the factory system.
 

Vasudev

They are not needed anymore. A Windows 10 fresh install creates those exact partitions, and they are properly cleaned up and updated in the background to give a good experience of resetting a PC via Windows for non-tech-savvy users.
 

upnorth

Because SupportAssist runs as SYSTEM, it has very deep hooks into the operating system, and hijacking its functions would let an attacker do virtually anything on the machine -- especially because it's a "signed" service recognized as safe by Microsoft. Unfortunately, the software creates an open door for attackers because it searches for a few DLLs that weren't on the Dell machines the SafeBreach team used: AlienFX.dll, atiadlxx.dll, atiadlxy.dll and LenovoInfo.dll. The last one is interesting because a Dell machine shouldn't contain a file called "LenovoInfo.dll". That may be a clue to the identity of one of PC-Doctor's other clients.
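
An added example, not part of the original post or of SafeBreach's research: a defender-side audit of the directories a SYSTEM service might search, reporting any that the current user can write to or that already hold one of the four DLL names listed above. The function names and the default of checking the `PATH` directories are assumptions of this example.

```python
import os
import tempfile

# DLL names the post says SupportAssist searched for but did not find.
PROBED_DLLS = ("AlienFX.dll", "atiadlxx.dll", "atiadlxy.dll", "LenovoInfo.dll")


def _can_create_file(directory):
    """Test writability by really creating a file; os.access() does not
    reflect Windows ACLs reliably."""
    try:
        fd, path = tempfile.mkstemp(dir=directory)
    except OSError:
        return False
    os.close(fd)
    os.remove(path)
    return True


def audit_search_dirs(dirs, probed=PROBED_DLLS):
    """Return one finding per risky directory.

    A directory is reported when the current user can create files in it
    (a low-privileged account could place a library there) or when it
    already contains a file with one of the probed names.
    """
    wanted = {name.lower() for name in probed}
    findings = []
    for d in dirs:
        if not d or not os.path.isdir(d):
            continue  # stale or empty search-path entries are common
        writable = _can_create_file(d)
        present = sorted(f for f in os.listdir(d) if f.lower() in wanted)
        if writable or present:
            findings.append({"dir": d, "writable": writable, "planted": present})
    return findings


if __name__ == "__main__":
    # Assumption: the search path of interest is the PATH variable.
    for finding in audit_search_dirs(os.environ.get("PATH", "").split(os.pathsep)):
        print(finding)
```

Run it as the unprivileged account whose access you want to evaluate; a writable directory reported under an administrator session says little about what a standard user can do.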
 

Slyguy

The golden rule, whatever system I buy or build. I dban the drive, and install my own licensed version of Windows 10 Pro. I don't even trust windows builds sent to these major PC makers anymore either, and I want my own guaranteed fresh copy free of nonsense (or potential nonsense).

It's sad. One contractor I worked for the IT Director was a fanboy of Dell and ensured Support Assist was put on all of them, even if they didn't come with it. That guy was an absolute fool through and through and I am so glad to be away from that place.
 

Vasudev

Do you mean that Dell online support will not ask you to make and show the results of the tests made by you by using Dell tools?
Did you have contact with Dell staff?
They only validate ePSA, aka Pre-Boot Diagnosis, built into every UEFI OEM BIOS, say ASUS, Huawei, HP, Dell, Alienware, Lenovo etc... You see, running those tools in Windows has more issues because of faulty/scam/ransomware third-party apps, malformed certificates, malformed DLLs, AVs blocking OEM apps etc... A basic check is CPU temps exceeding 95C on Windows while it's sane outside Windows, aka ePSA or Linux, at 60C, so user apps are the culprit, or even the Support Assistant apps.
ePSA can avoid replacements and save their money.