Millions of computers manufactured by Dell and other OEMs have been exposed to a flaw in a component of the pre-installed SupportAssist software that allows an attacker to take full control of the device.
The maximum-severity vulnerability (CVE-2019-12280) affects SupportAssist, a monitoring program pre-installed on Dell PCs that performs automatic fault detection and error notification. The affected component is made by PC-Doctor, which develops hardware-diagnostic software for a range of PC and laptop manufacturers (OEMs).
Peleg Hadar, the SafeBreach Labs researcher who discovered the problem, said SupportAssist is pre-installed on most Dell devices running Windows, so until the software is updated the vulnerability probably affects a large share of Dell users.
PC-Doctor has released a patch.
Dell has urged users to enable automatic updates or to update SupportAssist manually. Because most customers have automatic updates enabled, about 90% of customers have already received the patch, a Dell spokesperson said.
SupportAssist checks the health of the system's hardware and software and therefore requires extensive privileges. The vulnerable PC-Doctor component is a driver installed with SupportAssist; it gives the program access to hardware such as physical memory and PCI devices.
The component has a DLL loading vulnerability that allows an attacker to load an arbitrary unsigned DLL into the service. A DLL (dynamic-link library) is a file format that holds code and data shared by Windows programs.
When the DLL is loaded: "The digital certificate for the binary file is not validated. The program does not check whether the DLL it will load is signed. Therefore, it will load an arbitrary unsigned DLL without problems."
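The check the quote says is missing, validating a DLL's signature before trusting it, is something an administrator can run against an installed service from the outside. The script below is an added illustration written for this article; it is not code from Dell, PC-Doctor or SafeBreach. It lists every DLL under a directory whose Authenticode signature is not valid, and reports whether the directory can be written by ordinary users, which is the precondition for a planted DLL being picked up. The directory path is an assumption and should be replaced with the folder the service actually loads from; the script does not replace installing the vendor patch.

```powershell
# Added example (not from the article, Dell or PC-Doctor): audit a service's
# DLL directory for unsigned binaries and for write access by non-admin users.
param(
    # Assumed location; point this at the directory the service loads DLLs from.
    [string]$Path = "$env:ProgramFiles\Dell\SupportAssist"
)

function Get-UnsignedDlls {
    # Returns every DLL under $Directory whose Authenticode status is not 'Valid'
    # (NotSigned, HashMismatch, UnknownError, ...), with the signer if present.
    param([string]$Directory)
    Get-ChildItem -Path $Directory -Filter *.dll -Recurse -File -ErrorAction Stop |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path   = $_.FullName
                Status = $sig.Status
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        } |
        Where-Object { $_.Status -ne 'Valid' }
}

function Test-UserWritable {
    # Returns $true if a broad principal (Everyone, Authenticated Users, Users)
    # holds Write, Modify or FullControl on the folder.
    param([string]$Directory)
    $acl   = Get-Acl -Path $Directory
    $broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'
    $writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
                 [System.Security.AccessControl.FileSystemRights]::Modify -bor
                 [System.Security.AccessControl.FileSystemRights]::FullControl
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $broad -contains $ace.IdentityReference.Value -and
            ($ace.FileSystemRights -band $writeMask)) {
            return $true
        }
    }
    return $false
}

$unsigned = Get-UnsignedDlls -Directory $Path
if ($unsigned) {
    "DLLs without a valid signature under ${Path}:"
    $unsigned | Format-Table -AutoSize
} else {
    "All DLLs under $Path carry a valid Authenticode signature."
}

if (Test-UserWritable -Directory $Path) {
    "WARNING: $Path is writable by non-administrative users; a privileged service loading DLLs from here is at risk."
}
```

Run it from an elevated PowerShell prompt so that `Get-Acl` and `Get-AuthenticodeSignature` can read every file. A `NotSigned` or `HashMismatch` entry in a directory that a SYSTEM-level service loads from, combined with the writable warning, is the combination worth escalating; a `Valid` signature from the expected vendor is the state the quoted check would have enforced at load time.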