Millions of Windows Dell PCs Need Patching

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Dell's troubleshooting software SupportAssist, bundled with the US tech titan's home and business computers, has a security flaw that can be exploited by malware and rogue logged-in users to gain administrator powers.

The Texan system slinger today issued an advisory warning that its PC repair tool suffers a privilege-escalation vulnerability, CVE-2019-12280, and needs patching. We're told Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2 are the builds you need to fetch and install to kill off this high-severity hole. Affected versions of the software include Dell SupportAssist for Business PCs version 2.0, and Dell SupportAssist for Home PCs version 3.2.1 and all prior releases. The IT giant includes the Windows-based troubleshooting program with new desktops, notebooks, and tablets. Unfortunately, as eggheads at SafeBreach Labs discovered and privately reported, the software insecurely loads .dll files when run. Researcher Peleg Hadar told The Register SupportAssist, which runs with SYSTEM-level privileges, will automatically pull in unsigned code libraries from user-controlled folders. That means malware or dodgy users can leave their own .dll files in a path, wait for SupportAssist to blindly load them, and thus execute code within an admin context.
Dell is not alone in shipping PCs with this particular flaw. The reason for this is Dell doesn't actually make SupportAssist. The software itself is written and maintained by PC Doctor, a support and diagnostics software specialist that sells its code to PC makers that then rebrand the tools and bundle them into their own computer products. "Once we found and reported it to Dell, they reported it to PC Doctor," explained Hadar. "They said there are several OEMs that are affected by this."
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
....
This time, it can affect other laptop manufacturers that are also, like Dell, using rebranded versions of the same Windows package, which includes a component known as PC-Doctor Toolbox. Other companies known to make use of this same component in software packages include gaming brand Corsair, office supplies chain Staples, and eye-tracking company Tobii.
...
...
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
I never really thought much about it... but I just had the assumption that Dell had software engineers developing a nice tool for all of us Dell owners to make sure that our systems are taken care of.

I never really considered that SupportAssist is just a generic knock-off of PC-Doctor.

So much for my thoughts that Dell is looking out for us and making sure that we get all the right drivers and updates...

No wonder half-the-time, SupportAssist doesn't work right....

Oh well.

Whatever.
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
These support assistants with built-in remote assistance are poison.
@Vasudev to me it's not enough to remove them. I do a complete clean install the first time I buy any Windows computer and wipe the proprietary recovery partition. These OEMs are not helping anyone by having outdated bloatware on our computers.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
These support assistants with built-in remote assistance are poison.
@Vasudev to me it's not enough to remove them. I do a complete clean install the first time I buy any Windows computer and wipe the proprietary recovery partition. These OEMs are not helping anyone by having outdated bloatware on our computers.
I also noticed that a Dell laptop can run twice as fast (no joke) after a clean Windows install with drivers loaded by Windows updates + some manual driver updates. :giggle:
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
I also noticed that a Dell laptop can run twice as fast (no joke) after a clean Windows install with drivers loaded by Windows updates + some manual driver updates. :giggle:

True.

I noticed this too after a "Malwarebytes accident." An MBAM update borked one of my laptops, and I decided to just do a clean Windows install vice going to a previous image.

I was actually concerned about losing all of the "Dell stuff" -- as I just assumed they must be helping us Dell owners.... right?

Once I saw the performance improvement without all the Dell stuff, I am no longer concerned with retaining Dell 'support' software.

The PC I'm on now has not been 'Dell Support Software Liberated' ---- yet.


Entreri

Level 7
Verified
May 25, 2015
342
I never keep this kind of garbage on any computer. Clean install the OS.

Every single computer runs faster after a clean install, even a little noticeable with an SSD.

Bloatware, it ain't just smartphones.
 

mike6688

Level 2
Verified
Sep 27, 2017
69
True.

I noticed this too after a "Malwarebytes accident." An MBAM update borked one of my laptops, and I decided to just do a clean Windows install vice going to a previous image.

I was actually concerned about losing all of the "Dell stuff" -- as I just assumed they must be helping us Dell owners.... right?

Once I saw the performance improvement without all the Dell stuff, I am no longer concerned with retaining Dell 'support' software.

The PC I'm on now has not been 'Dell Support Software Liberated' ---- yet.

I was the same. First thing after a reinstall I would log in to Dell and reinstall everything.
However, last week I refreshed Windows and only installed Support Assist and essential apps (I'll be removing Support Assist now though). My laptop is running much better without all the Dell bloat.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Solution: Uninstall.

FAQ:
  1. Will my computer still work? Yes
  2. Will I catch a virus? No

Search online to see the specifics of the software before uninstalling pre-installed manufacturer software.
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
That's a reason my sister-in-law has a Dell laptop, it's very slow, and also the support is annoying; it asks you to update Dell stuff/drivers. I uninstalled the support but not some of the Dell stuff. I would try it and see what happens... :emoji_fingers_crossed:
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
That's a reason my sister-in-law has a Dell laptop, it's very slow, and also the support is annoying; it asks you to update Dell stuff/drivers. I uninstalled the support but not some of the Dell stuff. I would try it and see what happens... :emoji_fingers_crossed:
Keep and do not change the factory partitions on the disk. They are required in case of hardware failure. If you ask for technical help, the Dell staff will want to see the results of the tests, which can be run at boot. There is also a hidden partition for restoring the factory system.
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,224
Keep and do not change the factory partitions on the disk. They are required in case of hardware failure. If you ask for technical help, the Dell staff will want to see the results of the tests, which can be run at boot. There is also a hidden partition for restoring the factory system.
They are not needed anymore. A Windows 10 fresh install creates those exact partitions, and they are properly cleaned up and updated in the background to give a good experience of resetting a PC via Windows for non-tech-savvy users.
 

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Because SupportAssist runs as SYSTEM, it has very deep hooks into the operating system, and hijacking its functions would let an attacker do virtually anything on the machine -- especially because it's a "signed" service recognized as safe by Microsoft. Unfortunately, the software creates an open door for attackers because it searches for a few DLLs that weren't on the Dell machines the SafeBreach team used: AlienFX.dll, atiadlxx.dll, atiadlxy.dll and LenovoInfo.dll. The last one is interesting because a Dell machine shouldn't contain a file called "LenovoInfo.dll". That may be a clue to the identity of one of PC-Doctor's other clients.
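
The exposure described in this post can be audited on a machine. The PowerShell below is an added example, not part of the original post and not Dell's or PC-Doctor's code. It assumes the missing DLLs are resolved through the machine-wide PATH directories; the DLL names are the four listed above.

```powershell
# Added example (not from the thread). Assumption: the missing DLLs are
# resolved through the directories in the machine-wide PATH variable.
$ProbedDlls  = 'AlienFX.dll', 'atiadlxx.dll', 'atiadlxy.dll', 'LenovoInfo.dll'  # names from the post
$LowPrivSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'  # Everyone, Authenticated Users, BUILTIN\Users
# WriteData/CreateFiles (0x2), AppendData (0x4), GENERIC_WRITE, GENERIC_ALL
$WriteMask   = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$SidType     = [System.Security.Principal.SecurityIdentifier]

$dirs = [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim().Trim('"')) } |
    Where-Object { $_ } | Select-Object -Unique

$report = foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A PATH entry that does not exist can be created later by whoever may write to its parent.
        [pscustomobject]@{ Directory = $dir; Finding = 'PATH entry does not exist'; Detail = '' }
        continue
    }
    # Allow ACEs that apply to this directory itself and grant file creation to
    # ordinary users. Deny ACEs are not evaluated, so treat hits as leads to verify.
    $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $SidType)
    $writers = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $LowPrivSids -contains $_.IdentityReference.Value -and
        -not ($_.PropagationFlags -band $InheritOnly) -and
        ([int]$_.FileSystemRights -band $WriteMask)
    })
    if ($writers.Count -gt 0) {
        $who = ($writers.IdentityReference.Value | Select-Object -Unique) -join ', '
        [pscustomobject]@{ Directory = $dir; Finding = 'Writable by non-admin users'; Detail = $who }
    }
    # Any of the probed DLL names already sitting in a PATH directory deserves a look.
    foreach ($name in $ProbedDlls) {
        $file = Join-Path -Path $dir -ChildPath $name
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            $sig = Get-AuthenticodeSignature -LiteralPath $file
            [pscustomobject]@{ Directory = $dir; Finding = "$name present"; Detail = "Signature: $($sig.Status)" }
        }
    }
}
$report | Format-Table -AutoSize -Wrap
```

A vendor-signed graphics driver DLL in System32 will show up as present with a `Valid` signature; the rows to follow up on are user-writable directories and any listed DLL whose signature status is not `Valid`.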
 
ForgottenSeer 58943

The golden rule, whatever system I buy or build. I dban the drive, and install my own licensed version of Windows 10 Pro. I don't even trust windows builds sent to these major PC makers anymore either, and I want my own guaranteed fresh copy free of nonsense (or potential nonsense).

It's sad. At one contractor I worked for, the IT Director was a fanboy of Dell and ensured Support Assist was put on all of them, even if they didn't come with it. That guy was an absolute fool through and through and I am so glad to be away from that place.
 

Vasudev

Level 33
Verified
Nov 8, 2014
2,224
Do you mean that Dell online support will not ask you to make and show the results of the tests made by you by using Dell tools?
Did you have contact with Dell staff?
They only validate ePSA, aka Pre-Boot Diagnosis, built into every UEFI OEM BIOS, say ASUS, Huawei, HP, Dell, Alienware, Lenovo etc... You see, running those tools in Windows has more issues because of faulty/scam/ransomware third-party apps, malformed certificates, malformed DLLs, AVs blocking OEM apps etc... A basic check is CPU temps exceeding 95C on Windows, but it's sane outside Windows, aka ePSA or Linux, at 60C, so user apps are the culprit, or even the Support Assistant apps.
ePSA can avoid replacements and save their money.
 
