Millions of Dell PCs Vulnerable to Flaw in Third-Party Component
Millions of PCs made by Dell and other OEMs are vulnerable to a flaw stemming from a component in pre-installed SupportAssist software. The flaw could enable a remote attacker to completely takeover affected devices.
The high-severity vulnerability (CVE-2019-12280) stems from a component in SupportAssist, a proactive monitoring software pre-installed on PCs with automatic failure detection and notifications for Dell devices. That component is made by a company called PC-Doctor, which develops hardware-diagnostic software for various PC and laptop original equipment manufacturers (OEMs).
According to Dells website, SupportAssist is preinstalled on most of Dell devices running Windows, which means that as long as the software is not patched, this vulnerability probably affects many Dell users, Peleg Hadar, security researcher with SafeBreach Labs who discovered the breach said in a Friday analysis.
https://threatpost.com/millions-of-dell-pcs-vulnerable-to-flaw-in-third-party-component/145833/
Eugene
(62,651 posts)Source: Forbes
Warning Issued For Millions Of Microsoft Windows 10 Users
Gordon Kelly Senior Contributor
Consumer Tech
I write about technology's biggest companies
Windows 10 has enough problems to deal with right now. But Microsofts partners just made things a lot worse.
Picked up by Gizmodo, acclaimed Californian security company SafeBreach has revealed that software pre-installed on PCs has left millions of users exposed to hackers. Moreover, that estimate is conservative with the number realistically set to be hundreds of millions.
The flaw lies in PC-Doctor Toolbox, systems analysis software which is rebadged and pre-installed on PCs made by some of the worlds biggest computer retailers, including Dell, its Alienware gaming brand, Staples and Corsair. Dell alone shipped almost 60M PCs last year and the company states PC-Doctor Toolbox (which it rebrands as part of SupportAssist) was pre-installed on most of them.
What SafeBreach has discovered is a high-severity flaw which allows attackers to swap-out harmless DLL files loaded during Toolbox diagnostic scans with DLLs containing a malicious payload. The injection of this code impacts both Windows 10 business and home PCs and enables hackers to gain complete control of your computer.
-snip-
Read more: https://www.forbes.com/sites/gordonkelly/2019/06/22/microsoft-windows-10-problem-warning-dell-diagnostics-security-upgrade-windows/#147022a63f28
Brainfodder
(7,181 posts)Look for: (in bold)
The flaw lies in PC-Doctor Toolbox, systems analysis software which is rebadged and pre-installed on PCs made by some of the worlds biggest computer retailers, including Dell, its Alienware gaming brand, Staples and Corsair. Dell alone shipped almost 60M PCs last year and the company states PC-Doctor Toolbox (which it rebrands as part of SupportAssist) was pre-installed on most of them.
Using the search box within Windows 10, if you have it installed, should probably find it.
I build my own system, so I don't have pre-installed squatters when I start a new system except the ones already inside Windows 10.
How to be rid of it, there are likely already plenty of web sites with details, go look for it?