25 June 2019

Millions of Dell PCs vulnerable to attack, due to a flaw in bundled system-health software


Millions of Dell PCs and laptops running Windows are vulnerable to attack via a high-severity security hole that could be exploited by malicious hackers to hijack control of devices.

In a support advisory published on its website, Dell reveals that the problem lies within a third-party component of SupportAssist, troubleshooting software bundled with the company’s home user and business PCs, which the PC manufacturer describes as “the industry’s first automated proactive and predictive support technology.”

In its promotional material, Dell claims SupportAssist “proactively checks the health of your system’s hardware and software. When an issue is detected, the necessary system state information is sent to Dell for troubleshooting to begin. Dell will contact you to start the resolution conversation, preventing issues from becoming costly problems.”

However, security researcher Peleg Hadar discovered that the PC Doctor component of SupportAssist contains a DLL hijacking vulnerability, which can be exploited during an attack to gain system-level privileges. Through this mechanism a hacker could easily gain control of a targeted computer.

