Millions of Dell PCs that have the SupportAssist software installed are vulnerable to a remote hacker to completely taking over your computer.
The high-severity vulnerability (CVE-2019-12280) is defective coding in a component in SupportAssist. This software is Dell’s monitoring software which is pre-installed on all PCs. The software can automatic detect failure and notify you of issues. The Dell SupportAssit component is made by a company called PC-Doctor, which develops hardware-diagnostic software for many other brands.
“As long as the software is not patched, this vulnerability probably affects many Dell users,” Peleg Hadar, security researcher with SafeBreach Labs – who discovered the breach – said in a Friday analysis.
“Our first priority is product security and helping our customers ensure the security of their data and systems,” the spokesperson said. “The vulnerability discovered by SafeBreach is a PC Doctor vulnerability, a third-party component that ships with Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs. PC Doctor moved quickly to release the fix to Dell, we implemented it and released updates on May 28, 2019 for the affected SupportAssist versions.”
Software Maker PC-Doctor did not disclose the other impacted OEMs are, but did say that patches have been released to address “all affected products.” However if you just remove the software from your computer you can protect yourself from any future vulnerabilities.