Dell PCs ship with DLL hijacking bug

Pieter3dnow

Pieter3dnow

Supreme [H]ardness
Joined
Jul 29, 2009
Messages
6,784
https://fudzilla.com/news/48929-dell-pcs-ship-with-dll-hijacking-bug

The high-severity vulnerability (CVE-2019-12280) stems from a component in SupportAssist, a proactive monitoring software pre-installed on PCs with automatic failure detection and notifications for Dell devices. That component is made by a company called PC-Doctor, which develops hardware-diagnostic software for various PC and laptop original equipment manufacturers (OEMs).
Click to expand...

A patch has been released by PC-Doctor.

Dell sought to downplay the flaw, telling users to switch on automatic updates or manually update their SupportAssist software. Because most customers have automatic updates enabled, around 90 percent of customers to date have received the patch, said a Dell spokesperson.
Click to expand...
 
If anything this is a selling point of automatic updates. The ones that have updates turned on were covered.
 
Pushed out updates for it last night so it should be putting the new version on all the devices as people log in this morning.
 
Zarathustra[H] said:
This is why you ALWAYS before your start using a new machine make sure you wipe it, install Windows fresh, and don't install of the junk bundled software from the OEM.
Click to expand...
You need to realize to common person doesn't know any better and believes are the bs marketing companies like Dell do. Those are the target consumer for Dell and the likes.
 
Zarathustra[H] said:
This is why you ALWAYS before your start using a new machine make sure you wipe it, install Windows fresh, and don't install of the junk bundled software from the OEM.
Click to expand...

True, but I do have to say that PC-Doctor is a very good diagnostics suite. I use it all the time and it has helped me prove my strong hunch when some SSD went bad, while other programs would say it was just fine.

However, that Support Assistant does seem to have some bloat: additional features beside hardware diagnostic tools, like Malware Removal and AV. It's always better for a program be very good at just one thing (like PC-Doctor with their diagnostics) instead of trying to pretend to do everything well.
 
wyqtor said:
True, but I do have to say that PC-Doctor is a very good diagnostics suite. I use it all the time and it has helped me prove my strong hunch when some SSD went bad, while other programs would say it was just fine.

However, that Support Assistant does seem to have some bloat: additional features beside hardware diagnostic tools, like Malware Removal and AV. It's always better for a program be very good at just one thing (like PC-Doctor with their diagnostics) instead of trying to pretend to do everything well.
Click to expand...
We have it on all our Dell laptops and Desktops as part of the extended hardware warranty, if it detects a hardware fault failing drive or anything Dell just mails me the part and sends me an email notification, makes it far easier to be preemptive for most things especially HDD replacements and those annoying batteries that no longer hold charges. The Enterprise versions of support assist though don't have the AV and malware stuff but it does do capturing of Bluescreens and other errors for later troubleshooting.
 
Zarathustra[H] said:
This is why you ALWAYS before your start using a new machine make sure you wipe it, install Windows fresh, and don't install of the junk bundled software from the OEM.
Click to expand...

The DoD actually agrees with you. They have their own builds, for instance, the Army has their "Army Gold Master", (AGM) for desktop and server OSs. I am pretty sure the other branches of the DoD do as well. In fact, when the Army orders Dells they can get them delivered with the current version of AGM pre-installed.
 
You must log in or register to reply here.
Back
Top