Dell warning: Patch our Windows 10 PCs now to stop attackers taking control

[The AchieVer]

Dell warning: Patch our Windows 10 PCs now to stop attackers taking control

Buggy third-party software library could allow an attacker to compromise a Dell Windows PC.

 

 

 

 

Dell has released a second patch in as many months for its laptop bloatware known as SupportAssist, a utility that's meant to help solve problems but which could give hackers a way to compromise a vulnerable computer. 

 

Dell has released updates for SupportAssist for Business and SupportAssist for Home due to vulnerabilities found in a component called PC Doctor, a product from a US vendor that sells diagnostics software to hardware OEMs to monitor a system's health.  

 

It's likely this bug has a wide impact because SupportAssist ships with most Dell laptops and computers running Windows 10. 

 

Dell patched a serious bug in SupportAssist in April after an independent security researcher found the support tool could be used by remote attackers to take over millions of vulnerable systems.     

 

While that bug resided in Dell's SupportAssist code itself, this vulnerability sits inside a third-party software library provided by PC Doctor, called 'Common.dll'. That means it could affect PCs from other OEMs that use PC Doctor software. 

 

In an advisory, Dell is urging users of its hardware to update to Dell SupportAssist for Business PCs version 2.0.1 and Dell SupportAssist for Home PCs version 3.2.2. 

 

The bug, tracked as CVE-2019-12280, affects SupportAssist for Business PCs version 2.0 and SupportAssist for Home PCs version 3.2.1 and earlier. Dell rates the bug as a high-severity issue. 

 

PC Doctor for its part says it is the "world's leading hardware diagnostic and system information tool [that] keeps your devices running their best", offering OEMs "hardware diagnostics, advanced system information, system history, monitoring tools, and more".

 

Peleg Hada, a researcher from security firm SafeBreach, reported the bug to Dell and has posted a detailed explanation of the problem. 

 

On Windows 10 Dell machines, a high-privilege service called 'Dell Hardware Support' seeks out several software libraries that could be used by a local attacker to escalate privileges. 

 

Hada explains that a regular user could replace a software library with one of their own to achieve code execution as the operating system. This can be achieved by using a utility library used by PC Doctor called Common.dll. 

 

Hada notes that the "program doesn't validate whether the DLL that it will load is signed" and this means "it will load an arbitrary unsigned DLL".

 

Other hardware could be affected by products that use PC Doctor as their base for similar diagnostic services. These products include Corsair One Diagnostics, Corsair Diagnostics, Staples EasyTech diagnostics, Tobii I-Series diagnostic tool, and Tobii Dynavox diagnostic tool. 

 

 

 

Source

[steven36]

Any one who has any sense with windows 10  always activates on Oem devices  all you have do is get and iso of the latest Windows  and wipe all there spyware off your system and clean install  Windows  and you never have to worry about it again . On forums like these people always advise against using PCs  with the vendors image . If there is any thing you need from Dell  you can just download it from them i never had no problem  with mine  installing windows 10 or Windows 8.1 on it clean  i just used driver easy after i installed Windows and it put everything i needed  in it  and it was fine ,they have free programs to to do drivers as well that are good,

 

Dell , HP  and Lenvo have all put shady Root certificates in there images  with spyware in the past  i would not trust  using a stock computer from them . Now my gateway  that have AMD is not so easy if your not careful about witch drivers you install  it will botch windows were you cant boot up .so you have to know what drivers to install on it.  I don't think many people on this forum would be running  a PC with a OEM image  no way?

 

HP done  it more than once How To Remove HP Touchpoint Analytics Spyware That’s Installing On PCs Without Permission 2017

https://hothardware.com/news/how-to-remove-hp-touchpoint-analytics-client-spyware-installing-pcs

 

I  reformatted  a infected  HP  with XP  shipped with spyware   back in like 2005/2006 that was bought at Walmart  you could not clean it because it was in the root of the system so i clean installed XP on it and fixed it . It use to be quite conman all the 1st cheap PCs were infected with spyware when the price drooped from  $1000 to like $500 . The reason they was half price they  came full of spyware and adware .

 

HP Admits to Selling Infected Flash-Floppy Drives 2007

https://www.pcworld.com/article/144207/article.html

 

Malware preinstalled on new hard drives 2007

http://www.taipeitimes.com/News/taiwan/archives/2007/11/11/2003387202

http://www.rlslog.net/malware-preinstalled-on-new-hard-drives/

 

Dell's Laptops are Infected with 'Superfish-Like' pre-installed Malware 2015

https://thehackernews.com/2015/11/superfish-malware-dell.html

 

Lenovo Caught (3rd Time) Pre-Installing Spyware on its Laptops 2015

https://thehackernews.com/2015/09/lenovo-laptop-virus.html

 

It would take a fool to use a OEM image !

 

Hell Installing Windows 10 is not much better its full of  ads and spyware too .

[Karlston]

 

Warning Issued For Millions Of Microsoft Windows 10 Users

 

Windows 10 has enough problems to deal with right now. But Microsoft’s partners just made things a lot worse. 

Windows 10 users have been exposed to a worrying new vulnerability Steve Kotecki

Picked up by Gizmodo, acclaimed Californian security company SafeBreach has revealed that software pre-installed on PCs has left “millions” of users exposed to hackers. Moreover, that estimate is conservative with the number realistically set to be hundreds of millions.

 

The flaw lies in PC-Doctor Toolbox, systems analysis software which is rebadged and pre-installed on PCs made by some of the world’s biggest computer retailers, including Dell, its Alienware gaming brand, Staples and Corsair. Dell alone shipped almost 60M PCs last year and the company states PC-Doctor Toolbox (which it rebrands as part of ‘SupportAssist’) was pre-installed on “most” of them.

 

What SafeBreach has discovered is a high-severity flaw which allows attackers to swap-out harmless DLL files loaded during Toolbox diagnostic scans with DLLs containing a malicious payload. The injection of this code impacts both Windows 10 business and home PCs and enables hackers to gain complete control of your computer.

 

What makes it so dangerous is PC-makers give Toolbox high-permission level access to all your computer’s hardware and software so it can be monitored. The software can even give itself new, higher permission levels as it deems necessary. So once malicious code is injected via Toolbox, it can do just about anything to your PC.

 

Dell SupportAssist has PC-Doctor Toolbox built into it and it is shipping on 10s of millions of PCs every year Dell

Worse still, PC makers are currently engaged in a game of Whack-A-Mole trying to make Toolbox secure. SafeBreach reports it initially found flaws in Toolbox back in April and Dell released a patch to address it, but now SafeBreach has found further vulnerabilities and it looks highly that they will not be the last.

 

The end result is many Windows 10 users exposed to this problem are unlikely to even know they have it because who actually uses pre-installed bloatware? As such, my advice would be to search your computer and uninstall it. Dell builds Toolbox into SupportAssist, Corsair relabels it as ‘One Diagnostics’ or just ‘Diagnostics’, Staples calls it ‘Easy Tech Diagnostics’, Tobii refers to its as ‘I-Series/Dynavox Diagnostic Tools’ and there will inevitably be more partners so do your research.

 

As a wider tip: I would also advise anyone who buys a new PC to make their first step formatting the computer and reinstalling Windows. You should be in control of what programs are running on your PC. If you don’t know how to do this, find a family member, friend or colleague who does.

 

Does Microsoft deserve blame for this? Ultimately, it is helpless to stop PC makers pre-installing whatever they want on Windows computers, even if it compromises their security, and this is something which drives people to other platforms. It’s frustrating, but this level of partnering is also what made Windows such a global hit in the first place.

 

That said, it’s also what makes Microsoft’s recent pledge of more "control, quality and transparency" not only worryingly complex but extremely hard to deliver.

 

 

 

Source: Warning Issued For Millions Of Microsoft Windows 10 Users (Forbes)

[steven36]

this was already posted  Dell SupportAssist has PC-Doctor Toolbox

 

[Karlston]

Similar topics merged.

 

( "PC-Doctor" search doesn't find "PC Doctor")

[steven36]

1 minute ago, Karlston said:

Similar topics merged.

 

(<blush> "PC-Doctor" search doesn't find "PC Doctor")

I notice it don't find a lot of things when you search

[steven36]

This shows why OS like Linux never done good millions of people to dumb to  clean install of Windows 10 without all the bloatware  much less stick Linux on it.  My dell came with update center and all that crap Windows 8.1 free update to Windows 10 on the box  and all that Dell stuff made my system run slow  they had installed on it from Dell . People got  some really shitty setups out there .