News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Dell patches SupportAssist, but other PC-Doctor software still vulnerable

    Posted on June 23rd, 2019 at 07:58 woody Comment on the AskWoody Lounge

    Dell announced on June 21 that it has issued an emergency patch for the Dell SupportAssist software – which you’re probably running if you have a Dell computer and didn’t wipe out the pre-installed garbage.

    Specifically, the PC-Doctor component of SupportAssist has a vulnerability in the way it checks (or, er, doen’t check) the validity of certain DLLs on your computer. If somebody sticks a bad DLL on your machine, in a specific location and with a specific file name, PC-Doctor helpfully picks it up and runs it – with system-level privileges. SafeBreak Labs, which discovered and reported the bug, has a full description.

    Dell ain’t the only one. Apparently PC-Doctor Toolbox is also part of

    CORSAIR ONE Diagnostics
    CORSAIR Diagnostics
    Staples EasyTech Diagnostics
    Tobii I-Series Diagnostic Tool
    Tobii Dynavox Diagnostic Tool

    You may recall that Dell SupportAssist had a big security breach back in May, 2019. Beats me why anyone would continue to use crapware like it.