Skip to main content

Dell software designed to protect you from vulnerabilities has another vulnerability

Dell software designed to protect you from vulnerabilities has another vulnerability


Dell’s SupportAssist is still insecure, so update your machine now

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

Dell’s SupportAssist software, a Windows toolkit designed in part to protect your computer from security vulnerabilities, has yet another vulnerability of its own that makes running older versions of the software a risk to your system. As noted by Gizmodo this morning, this new vulnerability was discovered by security researchers at SafeBreach and disclosed on Monday in a public blog post. Dell has now issued an update to patch it that you should download now.

A serious concern here is that this vulnerability doesn’t just affect Dell machines with SupportAssist, as was the case with an entirely separate SupportAssist vulnerability from two months ago. This time, it can affect other laptop manufacturers that are also, like Dell, using rebranded versions of the same Windows package, which includes a component known as PC-Doctor Toolbox. Other companies known to make use of this same component in software packages include gaming brand Corsair, office supplies chain Staples, and eye-tracking company Tobii.

SupportAssist keeps having security issues

Because Dell’s SupportAssist has admin-level access to your Windows machine and can automatically install updates, a third party could exploit this vulnerability to install malicious code hiding within what are known as dynamic link library files, or DLL files. “According to Dell’s website, SupportAssist is preinstalled on most of Dell devices running Windows. This means that as long as the software is not patched, the vulnerability affects millions of Dell PC users,” explains SafeBreach researcher Peleg Hadar.

He says there are two key ways this could be exploited by a hacker. The first is it could give “attackers the ability to load and execute malicious payloads by a signed service.” The second is the attacker could bypass Driver Signature Enforcement to gain access to read/write permissions. Both would give a third party considerable control over your machine in worst-case scenarios.

While these are rare cases, it’s not comforting to know that preloaded bloatware on your Windows machine keeps running into severe issues like this.