Dell PCs ship with DLL hijacking bug
 

You will have a fishy on a little dishy, when the bloat comes in

Millions of PCs made by Dell and other OEMs are vulnerable to a flaw stemming from a component in pre-installed SupportAssist software which enables a remote attacker to completely take over affected devices.

The high-severity vulnerability (CVE-2019-12280) stems from a component in SupportAssist, a proactive monitoring software pre-installed on PCs with automatic failure detection and notifications for Dell devices. That component is made by a company called PC-Doctor, which develops hardware-diagnostic software for various PC and laptop original equipment manufacturers (OEMs).

Peleg Hadar, security researcher with SafeBreach Labs, who discovered the breach, said that SupportAssist is preinstalled on most of Dell devices running Windows, which means that as long as the software is not patched, this vulnerability probably affects many Dell users.

A patch has been released by PC-Doctor.

Dell sought to downplay the flaw, telling users to switch on automatic updates or manually update their SupportAssist software. Because most customers have automatic updates enabled, around 90 percent of customers to date have received the patch, said a Dell spokesperson.

SupportAssist, checks the health of system hardware and software and requires high permissions. The vulnerable PC-Doctor component is a signed driver installed in SupportAssist. This allows SupportAssist to access the hardware (such as physical memory or PCI).

https://fudzilla.com/news/48929-dell...-hijacking-bug