Dell SupportAssist contained a serious PC Doctor component leak

Spread the love

Dell has patched a critical vulnerability in its SupportAssist software, which comes standard on Dell PCs for consumer and business users. More specifically, it concerns a vulnerability in the PC-Doctor software, which is also used by other manufacturers.

The vulnerability is in version 2.0 of Dell’s SupportAssist for Business and version 3.2.1 and earlier versions of Dell SupportAssist for Home. Dell has released new versions of the software, which users can download with an automatic update. This is the second time in a short time that Dell has closed a critical vulnerability in SupportAssist. Dell reports that the vulnerability this time is in the PC-Doctor hardware diagnostics component.

The vulnerability was found by security company SafeBreach. It reports that other PC manufacturers also use the PC-Doctor Toolbox for Windows for software that they ship standard with systems for diagnostic purposes. According to PC-Doctor, “more than a hundred million copies” of its software are preinstalled on Windows computers. Corsair Diagnostics and the Tobii Dynavox Diagnostic Tool, among others, are based on the software.

The vulnerability allows attackers to load and run software with malicious content and bypass Windows 10’s Driver Signature Enforcement. That protection requires drivers running in kernel mode to be signed. Because the PC Doctor driver is already signed, attackers can access low-level memory via the vulnerable software, for example. SafeBreach developed a proof-of-concept that allowed the research team to read physical memory.

You might also like