Millions of Dell PCs Vulnerable To Flaw In Pre-Installed Software (threatpost.com) 27
secwatcher shares a report from Threatpost: Millions of PCs made by Dell and other OEMs are vulnerable to a flaw stemming from a component in pre-installed SupportAssist software. The flaw could enable a remote attacker to completely takeover affected devices. The high-severity vulnerability (CVE-2019-12280) stems from a component in SupportAssist, a proactive monitoring software pre-installed on PCs with automatic failure detection and notifications for Dell devices. That component is made by a company called PC-Doctor, which develops hardware-diagnostic software for various PC and laptop original equipment manufacturers (OEMs). A patch has been issued by PC-Doctor that fixes impacted devices. Impacted customers can find the latest version of SupportAssist here (for single PC users) or here (for IT managers).
Re: (Score:2)
Re: (Score:3, Interesting)
We told managment not to (Score:3, Funny)
...but they insisted that Dell's sales team was correct with their ROI-numbers-pulled-from-nowhere in pre-imaging the machines for us. Nevermind the fact we have a PXE boot environment that's pretty much effortless to image and stage with. Yup, this sure saved us a lot of support hours.
DLL hijacking on Windows (Score:3)
While this vendor should have taken more care as their code is running elevated, DLL hijacking on Windows is a nightmare, especially because Windows can load a bunch of DLLs into your process before any of your program code has even run, depending on which imports your module declares to the loader, and which imports those imports declare, etc. There are various bandaids on top of the issue, but generally it's just an awkward problem that many developers won't even be aware of and in many cases the best you can do is try to harden against it.
Sense of proportion much? (Score:2)
Spyware known as Windows 10: 933 CVEs, of which 184 have score greater than 9
Crapware known as SupportAssist: 4 CVEs, highest score 8.8
What exactly are we talking about here?
DUDE! (Score:2)
https://giphy.com/gifs/90s-computer-dell-Akry6V17RGH60
...but for this software (Score:2)