A group of researchers from the security firm SafeBreach Labs has just announced the discovery of a vulnerability in SupportAssist, the support software that comes preinstalled on most computers from the popular brand Dell, and in products from other manufacturers that use the PC-Doctor Toolbox tool.
Experts explained in an article published on the website Tekcrispy that this problem is potentially dangerous and that, if exploited, it would allow hackers to remotely obtain administrator privileges on the affected PCs. The software, by the way, is on millions of PCs around the world.
Dell, in quick response to the SafeBreach report, released a security update to fix the vulnerability, which is tracked as CVE-2019-12280.
According to SafeBreach, the vulnerability would allow hackers to take control of a PC and read its physical memory. The reason for this is that the troubleshooting software runs with administrator privileges, so it’s possible to load unsafe dynamic link libraries (DLLs) from other system folders found through the PATH. So basically, if a hacker got into the system through the vulnerability, then with the right address they could go into any of the one million PCs and extract data, download malware, modify or destroy valuable information, and so on. And Dell would be responsible for all of that happening if they didn’t fix it as soon as possible.
This is how it works: when SupportAssist starts, the corresponding DLL files are loaded. However, hackers can tamper with these files and replace them with malicious DLLs, as stated before, and then write software code that uses these DLLs. Thus, the vulnerability would allow the hacker to gain control of a particular system.
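Loading DLLs through the PATH, as described above, only matters if some directory on that search path can be written to by a non-administrator. The following PowerShell check is an added example, not code from the article, SafeBreach or Dell; it lists such directories on the machine-wide PATH, and the list of trusted SIDs is an assumption to adjust for your environment.

```powershell
# Added example, not from the original article: list machine-wide PATH
# directories in which a non-administrative principal may create files.

# SIDs treated as trusted (assumption: adjust for your environment).
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
$createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]

# Machine PATH entries, with %VAR% references expanded and duplicates removed.
$dirs = [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim().Trim('"')) } |
    Where-Object { $_ } |
    Select-Object -Unique

$findings = foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # Reported because the permissions of a missing entry cannot be checked.
        [pscustomobject]@{ Directory = $dir; Principal = '(missing directory)'; Rights = '' }
        continue
    }
    try { $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop }
    catch {
        [pscustomobject]@{ Directory = $dir; Principal = '(ACL unreadable)'; Rights = '' }
        continue
    }
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference
        if ($rule.AccessControlType -ne 'Allow') { continue }                     # deny rules
        if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }  # children only
        if ($trustedSids -contains $sid.Value) { continue }
        if (([int]$rule.FileSystemRights -band $createFiles) -eq 0) { continue }
        # Resolve the SID to a name when possible; keep the raw SID otherwise.
        $name = try { $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $sid.Value }
        [pscustomobject]@{ Directory = $dir; Principal = $name; Rights = $rule.FileSystemRights }
    }
}

$findings | Sort-Object Directory, Principal | Format-Table -AutoSize
```

Run it from an elevated prompt so that every ACL is readable; an empty result means no PATH directory grants file creation to a principal outside the trusted list.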
Researchers, for now, have not been able to confirm that the flaw has not been exploited. However, as discussed earlier, millions of users of laptops and desktop computers have the Dell tool preinstalled on their systems, which makes them an attractive target for criminals. The worst thing about this is that the user isn’t able to do anything about it; they are dependent on the actions that the brand carries out. In that sense, it is a case of there being nothing you can do except watch. Since the software is preinstalled and integrated into the system, one could argue that you could take the administrator privileges away from SupportAssist, but sadly that isn’t possible. If you are the victim of an incident related to this, you should contact Dell and let them know what happened; that way you’ll get protected and also let them handle the problem.