Millions of Dell PCs Vulnerable to Flaw in Third-Party Component

[silversurfer]

Millions of PCs made by Dell and other OEMs are vulnerable to a flaw stemming from a component in pre-installed SupportAssist software. The flaw could enable a remote attacker to completely takeover affected devices.
 
The vulnerability stems from a component in SupportAssist, a proactive monitoring software pre-installed on PCs with automatic failure detection and notifications for Dell devices. That component is made by a company called PC-Doctor, which develops hardware-diagnostic software for various PC and laptop original equipment manufacturers (OEMs).
 
“According to Dell’s website, SupportAssist is preinstalled on most of Dell devices running Windows, which means that as long as the software is not patched, this vulnerability probably affects many Dell users,” Peleg Hadar, security researcher with SafeBreach Labs – who discovered the breach – said in a Thursday analysis.

A patch has been issued by PC-Doctor that fixes impacted devices. Impacted customers can find the latest version of SupportAssist here (for single PC users) or here (for IT managers).

SOURCE: https://threatpost.com/millions-of-dell-...nt/145833/