A major vulnerability has been discovered in a system health-check utility installed on millions of Dell PCs, and while the hole has been patched, if you're running this software, you need to make sure that your version of the tool is up to date – or run the risk of getting your machine hacked.
Perhaps even more worryingly, this privilege escalation vulnerability could be present on other PC manufacturers' machines – seemingly to the tune of 100 million devices – and we
In Dell PCs, the problem pertains to the firm's pre-installed SupportAssist app, although the actual security flaw is in PC-Doctor, a third-party component of Dell's support utility. As uncovered by security firm SafeBreach, the vulnerability (CVE-201
Dell assures us, however, that the majority of customers have already been patched. The PC maker told Tom's Guide: "More than 90% of customers have received the update, released on May 28, 2019, and are no longer at risk. Dell SupportAssist updates automatically if automatic updates are enabled, and most customers have automatic updates turned on."
If you don't have automatic updates enabled, though, you need to make sure that you get your PC patched up pronto. You should be running Dell SupportAssist for Home PCs version 3.2.2, or Dell SupportAssist for Business PCs version 2.0.1, to make sure you're bullet-proof against the problem.
SupportAssist, or check out Dell's instructions for manually updating here. Whatever you do, just make sure you get patched.
As we said at the outset, though, perhaps the most disturbing revelation here is not about Dell machines, but the other PC vendors out there who also use PC-Doctor – as they may not have been patched so far, or indeed not patched at all.
According to PC-Doctor itself: "Leading manufacturers have installed over 100 million copies of PC-Doctor for Windows on computer systems worldwide."
Unfortunately, the company does not mention which 'leading manufacturers' also use its software tool. A further complication is that some manufacturers use a rebranded version of the utility, so it may not be called PC-Doctor.
Alternative names for the software, according to SafeBreach, include Corsair Diagnostics and Staples EasyTech Diagnostics, among others.
The former would seem to indicate that PCs sold by Corsair may have an issue, which may or may not have been patched, but of course we cannot jump to any conclusions. vendors and/or the creator of PC-Doctor to step forward and clarify where any further risks might be present;
Jake Moore, cybersecurity specialist at ESET, told us: "This vulnerability highlights the issue of third party applications that are given partial access and could potentially be exploited by malware to gain administrator rights. It also highlights the threat caused by rogue insiders and could cause companies to lose confidence even when it's not entirely their fault. Many PCs could be affected and as usual it is vitally important that these machines are updated to the latest version."