unBIOSed
3 Argentium

Severe vulnerability in Dell SupportAssist, second time this year

This is happening for the second time this year. This time, I don't care, if it's been fixed or not. instead, CAN DELL OFFICIALLY DISPROVE THE FACT THAT ANYONE WHO'S HAD SUPPORTASSIST SHOULD NOW REINSTALL WINDOWS, IN ORDER TO BE SAFE? 
https://thehackernews.com/2019/06/dells-supportassist-hacking.html

9 Replies
U2CAMEB4ME
4 Ruthenium

Re: Severe vulnerability in Dell SupportAssist, second time this year

Welcome to the Dell Community  @unBIOSed 

Please check here.

DSA-2019-084: Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Security Update for PC Doctor Vulnerability

https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business...

Best regards,

U2

Microsoft Registered Refurbisher
Microsoft Registered Partner
HP EliteBook 8770w i7-3630QM 32GB
HP ZBook 17 G2 i5-4310M 16GB
If you like an answer please click on the thumbs up “Kudos”
If a reply is the solution to your problem please click on “Accept as Solution”
unBIOSed
3 Argentium

Re: Severe vulnerability in Dell SupportAssist, second time this year

@U2CAMEB4ME  Thank you for the link.

There is one problem, however... My question was not exactly about reinstalling Dell's defective software, or removing it completely.

Users had had this  CVE-2019-12280, as a zero-day vulnerability, for some time, before it was discovered and reported by the security researcher. Also, it took time for Dell or its contractor to patch it.

There is no mentioning of the fact that, even after making the upgrade, or removing Dell SupportAssist completely, malicious files resulting from the exploitation of the vulnerability can still remain on the users' computers. To rule out any risk of criminal hackers having an opportunity to use such files, Dell users who have had SupportAssist should be effectively advised to format their disks and reinstall the operating systems. And this is an obvious fact that Dell is obfuscating. 

unBIOSed
3 Argentium

Re: Severe vulnerability in Dell SupportAssist, second time this year

So here is my question, again:
CAN DELL OFFICIALLY DISPROVE THE FACT THAT ANYONE WHO'S HAD SUPPORTASSIST SHOULD NOW REINSTALL WINDOWS, IN ORDER TO BE SAFE? 

Teetertotter
3 Argentium

Re: Severe vulnerability in Dell SupportAssist, second time this year

I uninstalled "Support Assist" a while back on my 7572.  I don't touch any DELL driver, so called, "RECOMMENDED or URGENT," updates.  Long story short, you do at your own risk.      If it ain't brook, don't fix it!  Period.

I do the same with all my laptops I have and they perform w/o any problems.  Leave the factory installed software/hardware alone. That's me, for numerous years, via IT instructions.... MAINLY "BIOS" on the MOTHER BOARD.  


Inspiron 7572 15\8th Gen\i5\8GB Ram\256GB SSD\Nvidia MX150 4GB [2019]
Inspiron 3542 15\4th Gen\ i3\4GB Ram\500GB\DVD [2014]
Acer Spin 1 11.6[2017], Asus 11.6[2018], Toshiba Satellite 11.6[2015]
Win 10 Ver. 1909 on all devices.
unBIOSed
3 Argentium

Re: Severe vulnerability in Dell SupportAssist, second time this year

I don't have SupportAssist either, because it broke my Windows installation by pushing an automatic update. But tech support installed it again on a clean Windows install, and ran it briefly, when we were updating the drivers, etc. For many other users, though, it's been on the computer from day one, and they never removed it... Plus, there are many people who have had it on their machines, for one duration or another.

So here's my unanswered question to Dell, yet again,

CAN DELL OFFICIALLY DISPROVE THE FACT THAT ANYONE WHO'S HAD SUPPORTASSIST SHOULD NOW REINSTALL WINDOWS, IN ORDER TO BE SAFE? 

Highlighted
Moderator
Moderator

Re: Severe vulnerability in Dell SupportAssist, second time this year

unBiosED,

 

Our first priority is product security and helping our customers ensure the security of their data and systems. The vulnerability discovered by SafeBreach is a PC Doctor vulnerability, a third-party component that ships with Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs. PC Doctor moved quickly to release the fix to Dell, we implemented it and released updates on May 28, 2019 for the affected SupportAssist versions. More than 90% of customers to date have received the update and are no longer at risk. Most customers have automatic updates enabled, which is a general security best practice to keep software and systems up to date. We urge customers to review our security advisory (DSA-2019-084) and turn on automatic updates or manually update their SupportAssist software.

 

FAQ

Q: When was the fix issued? We implemented the fix from PC Doctor and released updates on May 28, 2019 for the affected SupportAssist versions.

Q: If you’re just now disclosing the vulnerabilities, how did customers know to update SupportAssist? SupportAssist updates automatically if automatic updates are enabled. Most customers have automatic updates enabled. More than 90% of customers have already upgraded to the updated versions and are no longer at risk for these vulnerabilities. We urge all SupportAssist customers to review the security advisory (DSA-2019-084) and, if applicable, download the updates:

Q: Some reports say 100s of millions of users/PCs are at risk. Is that true? No. Several million PCs were originally at risk, but more than 90% of customers have downloaded the update and are no longer at risk.

Q: What are the affected versions? Dell SupportAssist for Business PCs version 2.0, and Dell SupportAssist for Home PCs version 3.2.1 and all prior versions. This is resolved with the latest SupportAssist versions released on May 28, 2019: • Dell SupportAssist for Home PCs version 3.2.2 • Dell SupportAssist for Business PCs version 2.0.1

Q: Where can I find more info? You can view our security advisory for more information: DSA-2019-084. You can also find the latest versions of SupportAssist here: • Dell SupportAssist for Home PCs version 3.2.2 (for single PC users) • Dell SupportAssist for Business PCs version 2.0.1 (for IT managers)

Q: Why did it take you so long to issue a security advisory after you released the patch?

You can view our security advisory for more information: DSA-2019-084. You can also find the latest versions of SupportAssist here: • Dell SupportAssist for Home PCs version 3.2.2 (for single PC users) • Dell SupportAssist for Business PCs version 2.0.1 (for IT managers)

Q: Why did it take you so long to issue a security advisory after you released the patch?


We follow industry best practices to disclose vulnerabilities in a responsible and coordinated fashion. Since the vulnerable component was with PC Doctor, we coordinated with PC Doctor so they could responsibly and fairly alert their other customers to give them a chance to implement the fix as well before we publicly disclosed our fix.

Customers can review our security advisory (DSA-2019-084) and refer to https://dell.to/2YbuW3i for the latest security advisories and notices.

Q: What’s the difference between this vulnerability and the one in late April/early May? The PC Doctor vulnerability affecting Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs is a third-party vulnerability. It requires the potential hacker have user privileges on the vulnerable PC to obtain and exploit administrative privileges.

The vulnerability announced and fixed in late April was a remote code execution vulnerability within SupportAssist for Home PCs. This means an unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via the SupportAssist client from attacker-hosted sites. These vulnerabilities have been fixed.

Q: Is SupportAssist a flawed product? No. SupportAssist proactively checks the health of system hardware and software. When an issue is detected, the necessary system state information is sent to Dell for troubleshooting to begin. Dell then contacts the customer to start the resolution conversation, preventing issues from becoming costly problems.

We continually and routinely test our products as prevention, product security and the security of our customers’ data and systems are our top priorities. We use in-house teams and third-party vendors to perform vulnerability assessments for our customer applications. We have implemented security checks for validating the signature / request origin, we perform Secure Development Lifecycle (SDL) practices and have integrated security automation and testing into our development process.

Q: Should customers be concerned about using SupportAssist now and in the future? No. SupportAssist helps keep system hardware and software up to date, which is an essential component of general security best practices. We continually and routinely test our products as prevention, product security and the security of our customers’ data and systems are our top priorities. We use in-house teams and third-party vendors to perform vulnerability assessments for our customer applications. We have implemented security checks for validating the signature / request origin, we perform Secure Development Lifecycle (SDL) practices and have integrated security automation and testing into our development process.

Q: What end-products are affected? Dell SupportAssist for PCs is now preinstalled on most new Dell devices running Windows operating system. We urge all SupportAssist customers to review the security advisory (DSA-2019-084) and, if applicable, download the updates.


Q: In general, it seems like the number of security vulnerabilities are growing? Why the increase? While it might seem like the number of security vulnerabilities are growing, we believe the industry as a whole is becoming more transparent in reporting vulnerabilities and following best practices to ensure the security of products and customer data. Dell follows industry standards and best practices for our testing and disclosures, down to the level of details provided in our security advisories and utilizing the security and research community. Our customers expect and deserve this level of transparency and commitment to security. We are continuously evaluating and improving our testing and reporting process and welcome feedback.

Q: What is Dell doing to secure its products and protect its customers? Dell strives to help our customers minimize risk associated with security vulnerabilities in our products by providing customers with timely information, guidance and mitigation to address threats from vulnerabilities.

Continual testing and prevention is a key priority for us. We use in-house teams and third-party vendors to perform vulnerability assessments for our customer applications. We have implemented security checks for validating the signature / request origin, we perform Secure Development Lifecycle (SDL) practices and have integrated security automation and testing into our development process. In addition, we employ a thorough process to continually evaluate and improve our vulnerability response practices. Dell is an active participant in the Software Assurance Forum for Excellence in Code (SAFECode: https://dell.to/2Ylo7fm), the Forum for Incident Response (https://dell.to/2YbivV1) and international standards efforts that are developed for vulnerability disclosure and handling such as ISO 29147 and ISO 30111. See Dell's Vulnerability Response Policy for more information.





unBIOSed
3 Argentium

Re: Severe vulnerability in Dell SupportAssist, second time this year

@DELL-Jesse L 

Thank you for your post.
 
I'm not seeing the answer to my question, though, so I apologize if it wasn't clear enough to Dell. To ease comprehension, let me try to break it down to elements:
 
1. At least two major zero-day vulnerabilities - an RCE and a privilege escalation - existed in SupportAssist.
2. The vulnerabilities could be exploited by hackers, in a plethora of ways. For example, criminal hackers had opportunities to install their files (like backdoors, trojans, keyloggers, etc.) on users' computers. They could also  change files, as well as tweak hidden settings, in order to ease remote exploitation at any later date.
3. Updates to newer versions of SupportAssist can not remove any potential changes already made by hackers.
4. It is impossible to guarantee that any given computer does not have any files or changes, as described above, still left on its disk(s). Unless the (5) below is done.
5. To rule out any possibility of (2) above (i.e., any changes made by hackers) still being present on their computers, users should format the disks on their computers, and reinstall the operating system.
 
In light of the above, I respectfully ask Dell, yet another time, to answer the following question:
 
CAN DELL OFFICIALLY DISPROVE THE FACT THAT ANYONE WHO'S HAD SUPPORTASSIST SHOULD NOW REINSTALL WINDOWS, IN ORDER TO BE SAFE?
0 Kudos
Moderator
Moderator

Re: Severe vulnerability in Dell SupportAssist, second time this year

unBIOSed,

 

It is the customer's choice if he/she doesn't like the SupportAssist they can always uninstall the app.

 


0 Kudos
unBIOSed
3 Argentium

Re: Severe vulnerability in Dell SupportAssist, second time this year

 
Thanks for posting again, but my question was not about the obvious right to uninstall SupportAssist.
It was about removing any malicious applications (like backdoors, trojans, etc.) potentially installed on computers by hackers, as well as any settings tweaked on users' computers, as a result of Dell's vulnerable software having been present on them.
 
So here is my question to Dell yet again:
 
CAN DELL OFFICIALLY DISPROVE THE FACT THAT ANYONE WHO'S HAD SUPPORTASSIST SHOULD NOW REINSTALL WINDOWS, IN ORDER TO BE SAFE?
0 Kudos