Pre-installed software on millions of Dell PCs has a vulnerability that malware can exploit to take over a computer.
The vulnerability deals with the Dell SupportAssist software, which is ironically designed to optimize the PC and keep the firmware up to date. This gives it high-level access across the system, which can prove to be a double-edged sword.
A researcher at the security firm SafeBreach, Peleg Hadar, noticed a flaw in the way SupportAssist insecurely loads DLL (Dynamic Link Library) files. As a result, you can trick the software to run corrupted DLL files, which can then execute computer code on the machine.
That’s bad news if a hacker can get malware on the PC. An attacker could exploit flaw to download additional malicious code to the machine.
In response, Dell has issued a patch, which should roll out automatically to affected users. You can also manually download the fix by visiting the company’s support page. The affected products include Dell SupportAssist for Business PCs version 2.0 and SupportAssist for Home PCs version 3.2.1 and older.
According to Dell’s own website, SupportAssist is used by millions of its customers. Unfortunately, the vulnerability impacts other brands as well. That’s because the developer of SupportAssist is a third-party company called PC-Doctor, which specializes in producing diagnostic tool software.
In a statement, PC-Doctor said the vulnerability was also found in the company’s PC-Doctor Toolbox software for Windows, which has been installed on over 100 million computers from other unnamed PC vendors. Still, the company is downplaying the vulnerability’s severity.
“To exploit this vulnerability, an administrative user or process would have to change the system’s PATH environment variable to include a folder writable by non-admin users, and craft a DLL that exploits PC-Doctor’s administrative privileges,” the company said. “It is not possible to exploit this vulnerability without modifying default Windows settings.”
In other words, the vulnerability can be easier for a hacker to exploit if the computer is running as an administrator account, which is the first account created on a Windows PC and has full control over the machine’s system files.
PC-Doctor has also begun rolling out fixes to other vendors affected by the flaw. So far, the company isn’t saying which. But the PC-Doctor Toolbox software can be rebranded by another name.