Tens of millions of biz Dell PCs smacked by privilege-escalation bug in bundled troubleshooting tool

Dell has copped to a flaw in SupportAssist – a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS – that allows local hackers to load malicious files with admin privileges. The company has issued an advisory about the vulnerability, warning that a locally authenticated …

  1. Joe W Silver badge

    Remind me again:

    Why do laptops come preinstalled with CarpWare like that? As if the stoopid "free" games that seem to come bundled with the newest incarnation of MS' attempt at an operating system were not enough....

    (for myself it's not an issue, no windows PCs for me - but I have family, y'know)

    1. ArrZarr Silver badge

      Re: Remind me again:

      Your family who are running on Business Dell laptops?

      1. Joe W Silver badge

        Re: Remind me again:

        "affects Dell SupportAssist for business PCs version 2.1.3 or earlier and for home PCs version 3.4 or earlier."

        1. tcmonkey

          Re: Remind me again:

          Even if it was just business PCs, how crazy does a business have to be to not re-pave machines before use?

          1. Phil Kingston

            Re: Remind me again:

            Small operations won't have the IT skills/resources/cash/desire to bother with de-bloating lappies before handing them out.

            1. Anonymous Coward

              Re: Remind me again:

              Spot on.

              I help out at a charity for a couple of hours of week. They have no tech support staff, and if they happen to need a new PC, I'm the one who has to set it up for them. I daren't risk fiddling too much with what has been delivered because I wouldn't be able to do a reliable enough job of tailoring the build in the short time available.

              So, I settle for making sure that Windows 10 violates their privacy as little as possible and leave the Dell bloatware as is.

              My ideal would be to save them money and dual-boot their old Windows boxes with Mint - so that they can keep their Word and Excel on the original OS and use Mint for anything else (including internet use) - but the culture shock would be too great.

            2. Mongrel

              Re: Remind me again:

              I'd also presume that having and using the supplied bloatware is part of the support contract or warranty support. I mean, slapping an offshore call centre in front of a flow chart whose first question is "What does the software say?" saves on their budget.

              **Just cynical guesses on my part, no idea what actually happens here**

              1. jelabarre59

                Re: Remind me again:

                I'd also presume that having and using the supplied bloatware is part of the support contract or warranty support. I mean, slapping an offshore call centre in front of a flow chart whose first question is "What does the software say?" saves on their budget.

                But even if you're forced to leave the SW on the system, the next-best option is to make sure the software doesn't auto-load at startup. Only run it when absolutely necessary. If you're having to leave it on corporate desktops, delete the icons for it as well.

                But you don't even have to be a *small* operation to have your system loaded down with crap. I remember seeing the IBM internal MSWin image, where all the bundled applications were loading all their memory/CPU-hogging accessories that the vast majority would never need/use. It was quite obvious whomever was setting up the apps simply clicked past ALL the default settings without even looking at them. Your tech-newbie grandmother could have done a cleaner install.

                1. Anonymous Coward

                  Re: Remind me again:

                  Considering you have to have access to the system or the network to even exploit this: if someone is able to run this exploit, you already have a much bigger problem.

    2. Halfmad

      Re: Remind me again:

      I've never, at home or work, failed to wipe and reinstall/image Dells, HPs, Lenovos etc. Hell, we even did this with iMacs back in the 90s.

      It's just good to know you are starting from a specific point with all software that's deployed known. I don't trust vendors not to sneak stuff on.

  2. Dr.Flay

    I can always tell if the support centre service has reenabled itself on my Dell laptop, because there is a huge chunk of RAM in use.

    Yay, let's waste over 600MB of your resources to do something a good shareware author could fit on a postage stamp.

  3. Ragarath

    Biz PC's!

    Wait, come on, business PCs? Is there anyone that does not immediately wipe and reinstall Dell, HP, Lenovo or any other vendor?

    I assume this is small biz where they may not have the resource to do this.

    1. ecofeco Silver badge

      Re: Biz PC's!

      Many companies create a custom image and then have the vendor image the PCs before shipping. Many large companies are also moving over to 3rd party/vendor management of their PC assets.

      Yes, that's right, they are letting outside companies remote manage their PCs, which makes sense if you are a very small company. But large companies with millions of dollars of IP assets and thousands of employees? Insanity. And god help you if that vendor is also IBM.

      1. Gotno iShit Wantno iShit

        Re: Biz PC's!

        Do I win anything for the full set?

        - Working for a global corporation ~55,000 employees - check.

        - Laptop supplied pre-imaged by Dell - check.

        - Laptop yesterday self-updated SupportAssist for Home PCs without asking - double WTF?

        - Call to IBM to get it removed - painful.

        Sigh :-(

    2. katrinab Silver badge

      Re: Biz PC's!

      Yes. My predecessor at the place I work in now.

      Laptops running Home Edition with all sorts of cr@pware installed, including stuff from Sony that displays the latest "news" on the task bar.

  4. Pascal Monett Silver badge

    "yet another flaw in Dell's SupportAssist software"

    Look, guys, I am very well placed to know that writing good code is not easy, but when you go out of your way to help hackers insert malware, it's kinda on you. Loading a DLL from a non-admin folder ? Who thought that that was a good thing ? In what kind of meeting was that approach approved and for what reason ?

    Or is this another case of rogue engineer ?

    Oh well, at least they found it and patched it.

    1. katrinab Silver badge

      Re: "yet another flaw in Dell's SupportAssist software"

      "In what kind of meeting was that approach approved"

      The one where they approve the expenditure

      "and for what reason ?"

      It was the lowest bid they received

    2. Michael Wojcik Silver badge

      Re: "yet another flaw in Dell's SupportAssist software"

      Loading a DLL from a non-admin folder ? Who thought that that was a good thing ?

      Stefan Kanthak has documented (in a series of BUGTRAQ posts) dozens of vendors shipping software that does this.

    3. Michael Wojcik Silver badge

      Re: "yet another flaw in Dell's SupportAssist software"

      at least they found it and patched it

      ITYM "at least Eran Shimony found it and was good enough to tell Dell and get them to patch it".

  5. Claptrap314 Silver badge

    In other news, 1+1=2

    "The more software and services installed on a system, the bigger target presented to those wishing to attack it,"

    1. Anonymous Coward

      Re: In other news, 1+1=2

      And 2+2=5 - even more crapware is disproportionately more vulnerable :-)

      Fortunately I've already protected my corp lappy: Support Assist launched itself, stopped at 'phase 2 scanning' and after 7 hours of no discernible activity I killed it, uninstalled it and went home.

  6. cb7

    Having worked on machines from pretty much all the vendors, I don't like the way Dell's are designed.

    And no, I'm not talking about aesthetics.

    I'm talking about crucial things like:

    Desktops: Non industry standard cases and power supplies.

    Laptops: hard drive connectors that sit on mini daughter boards bolted (I kid u not) to the motherboard. One drop and the connector shears off.

    Poorly designed motherboards that need 5 or more ribbon connectors for peripherals whilst most others get by with one. And don't get me started on buggy firmware that doesn't handle sleep transitions properly resulting in data loss / corruption.

    You couldn't pay me to buy a Dell.

    1. Anonymous Coward

      To be fair, I haven't heard of Dell using the proprietary PSU pinouts--you know, where a standard PSU would immediately fry the board if you didn't re-pin it before installation--in quite a long time.

      I still wouldn't buy one, but I've built my own for too long to do otherwise. None of the usual OEMs make anything I'd pay for, outside of some vendors that basically do custom stuff... and I'm too cheap to pay someone else to do what I can do myself. (Gotta justify this huge pile of bits 'n bobs I keep around, y'know!)
