Dell PCs ship with DLL hijacking bug

Pieter3dnow

Supreme [H]ardness
Joined
Jul 29, 2009
Messages
6,784
https://fudzilla.com/news/48929-dell-pcs-ship-with-dll-hijacking-bug

The high-severity vulnerability (CVE-2019-12280) stems from a component in SupportAssist, a proactive monitoring software pre-installed on PCs with automatic failure detection and notifications for Dell devices. That component is made by a company called PC-Doctor, which develops hardware-diagnostic software for various PC and laptop original equipment manufacturers (OEMs).

A patch has been released by PC-Doctor.

Dell sought to downplay the flaw, telling users to switch on automatic updates or manually update their SupportAssist software. Because most customers have automatic updates enabled, around 90 percent of customers to date have received the patch, said a Dell spokesperson.
 

auntjemima

[H]ard DCOTM x2
Joined
Mar 1, 2014
Messages
10,349
If anything this is a selling point of automatic updates. The ones that have updates turned on were covered.
 

Lakados

Supreme [H]ardness
Joined
Feb 3, 2014
Messages
6,024
Pushed out updates for it last night so it should be putting the new version on all the devices as people log in this morning.
 

vegeta535

[H]F Junkie
Joined
Jul 19, 2013
Messages
9,214
This is why you ALWAYS before your start using a new machine make sure you wipe it, install Windows fresh, and don't install of the junk bundled software from the OEM.
You need to realize to common person doesn't know any better and believes are the bs marketing companies like Dell do. Those are the target consumer for Dell and the likes.
 

wyqtor

Limp Gawd
Joined
Dec 30, 2011
Messages
469
This is why you ALWAYS before your start using a new machine make sure you wipe it, install Windows fresh, and don't install of the junk bundled software from the OEM.

True, but I do have to say that PC-Doctor is a very good diagnostics suite. I use it all the time and it has helped me prove my strong hunch when some SSD went bad, while other programs would say it was just fine.

However, that Support Assistant does seem to have some bloat: additional features beside hardware diagnostic tools, like Malware Removal and AV. It's always better for a program be very good at just one thing (like PC-Doctor with their diagnostics) instead of trying to pretend to do everything well.
 

Lakados

Supreme [H]ardness
Joined
Feb 3, 2014
Messages
6,024
True, but I do have to say that PC-Doctor is a very good diagnostics suite. I use it all the time and it has helped me prove my strong hunch when some SSD went bad, while other programs would say it was just fine.

However, that Support Assistant does seem to have some bloat: additional features beside hardware diagnostic tools, like Malware Removal and AV. It's always better for a program be very good at just one thing (like PC-Doctor with their diagnostics) instead of trying to pretend to do everything well.
We have it on all our Dell laptops and Desktops as part of the extended hardware warranty, if it detects a hardware fault failing drive or anything Dell just mails me the part and sends me an email notification, makes it far easier to be preemptive for most things especially HDD replacements and those annoying batteries that no longer hold charges. The Enterprise versions of support assist though don't have the AV and malware stuff but it does do capturing of Bluescreens and other errors for later troubleshooting.
 

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
This is why you ALWAYS before your start using a new machine make sure you wipe it, install Windows fresh, and don't install of the junk bundled software from the OEM.

The DoD actually agrees with you. They have their own builds, for instance, the Army has their "Army Gold Master", (AGM) for desktop and server OSs. I am pretty sure the other branches of the DoD do as well. In fact, when the Army orders Dells they can get them delivered with the current version of AGM pre-installed.
 
Top