Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Operating Systems Security Hardware

Millions of Dell PCs Vulnerable To Flaw In Pre-Installed Software (threatpost.com) 30

secwatcher shares a report from Threatpost: Millions of PCs made by Dell and other OEMs are vulnerable to a flaw stemming from a component in pre-installed SupportAssist software. The flaw could enable a remote attacker to completely takeover affected devices. The high-severity vulnerability (CVE-2019-12280) stems from a component in SupportAssist, a proactive monitoring software pre-installed on PCs with automatic failure detection and notifications for Dell devices. That component is made by a company called PC-Doctor, which develops hardware-diagnostic software for various PC and laptop original equipment manufacturers (OEMs). A patch has been issued by PC-Doctor that fixes impacted devices. Impacted customers can find the latest version of SupportAssist here (for single PC users) or here (for IT managers).
This discussion has been archived. No new comments can be posted.

Millions of Dell PCs Vulnerable To Flaw In Pre-Installed Software

Comments Filter:
  • by Anonymous Coward

    These things come with Windows pre-installed. That's already malware.

    • So if one wiped Windows from these PCs and installed either Linux or a BSD, would that still be an issue?
  • by Bobberly ( 1677220 ) on Friday June 21, 2019 @06:52PM (#58802172)

    ...but they insisted that Dell's sales team was correct with their ROI-numbers-pulled-from-nowhere in pre-imaging the machines for us. Nevermind the fact we have a PXE boot environment that's pretty much effortless to image and stage with. Yup, this sure saved us a lot of support hours.

  • by DigitAl56K ( 805623 ) on Friday June 21, 2019 @07:50PM (#58802348)

    While this vendor should have taken more care as their code is running elevated, DLL hijacking on Windows is a nightmare, especially because Windows can load a bunch of DLLs into your process before any of your program code has even run, depending on which imports your module declares to the loader, and which imports those imports declare, etc. There are various bandaids on top of the issue, but generally it's just an awkward problem that many developers won't even be aware of and in many cases the best you can do is try to harden against it.

  • Spyware known as Windows 10: 933 CVEs, of which 184 have score greater than 9
    Crapware known as SupportAssist: 4 CVEs, highest score 8.8
    What exactly are we talking about here?

  • You're getting a Dell!!

    https://giphy.com/gifs/90s-computer-dell-Akry6V17RGH60

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...