I hate to be the bearer of bad news, but... better safe than sorry. There is nothing worse than a false sense of security, IMO.
To look at this critically, I would still try to answer questions:
1 - I have the latest version now, which is good. But... have I ever had version 3.2.1 or earlier on this Dell computer?
2 - If the answer to (1) is "yes", then...
... then it would mean that hackers had a chance to exploit my system, and that there is a theoretical likelihood that my computer still has their uploaded and/or changed files, and that some of those files may allow them to exploit my computer, even though I have the latest SupportAssist now.
If the above is true (i.e., if the user has ever had version 3.2.1 or older installed on their computer), then the only way to rule out the bad scenario is to (1) go through, and back up, your data; (2) format the disk; (3) reinstall Windows.
And this is something that Dell is NOT telling us.
I can understand people's optimism, but would still prefer to be with those who are more skeptical.
The mere fact that news of information breaches did not reach you doesn't necessarily mean that there were none in the first place. Most breaches go unnoticed by end users, and when they do come to people's attention, it is normally hard to tell which particular vulnerability is to blame. With SupportAssist, we just had an RCE followed by this privilege escalation.
Of course, we can try to downplay the importance, by mentioning Spectre and Meltdown, etc., but, for one piece of preinstalled software, this is just too much. Dell should be taking these things more seriously, but the way they are handling these SupportAssist vulnerabilities is far from impressive. Think about it... Just upgrade to the latest version, and be done with it? Seriously? As I wrote above, an upgrade doesn't guarantee a removal of any potential damage already caused as a result of the vulnerability.
Jazz2662
2 Posts
2
June 23rd, 2019 03:00
Phew glad that my PC is fine. Thanks for the reply.
U2CAMEB4ME
4 Operator
•
6.2K Posts
1
June 23rd, 2019 03:00
You're very welcome @Jazz2662
Regards,
U2
U2CAMEB4ME
4 Operator
•
6.2K Posts
1
June 23rd, 2019 03:00
Welcome to the Dell Community @Jazz2662
Affected Products:
Dell SupportAssist for Business PCs version 2.0
Dell SupportAssist for Home PCs version 3.2.1 and all prior versions
Looks like you should be good.
DSA-2019-084: Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Security Update for PC Doctor Vulnerability
https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business...
Best regards,
U2
unBIOSed
1 Rookie
•
96 Posts
2
June 23rd, 2019 13:00
@U2CAMEB4ME
There is nothing worse than a false sense of security, IMO.
2 - If the answer to (1) is "yes", then...
U2CAMEB4ME
4 Operator
•
6.2K Posts
1
June 23rd, 2019 13:00
@unBIOSed
Dell response:
PC-Doctor released the fix to Dell.
Dell implemented the fix and released updates on May 28, 2019 for the affected Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs versions.
More than 90% of customers to date have received the update and are no longer at risk.
Most customers have automatic updates enabled, which is a general security best practice to keep software and systems up to date.
Dell urges customers to turn on automatic updates or manually update their SupportAssist software.
Dell’s first priority is product security and helping our customers ensure the security of their data and systems. Customers can find more information within the Dell security advisory DSA-2019-084.
https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software
I have not heard of one breach of information from any of the last 10+ major security vulnerabilities.
The worst by far was the Meltdown and Spectre security vulnerabilities!!!
Best regards,
U2
unBIOSed
1 Rookie
•
96 Posts
0
June 23rd, 2019 18:00
JAJ550
2 Posts
0
June 26th, 2019 11:00
Read unBIOSed 6/23/2019 6:08 pm; "an upgrade doesn't guarantee the removal of any potential damage already caused as a result of the vulnerability". If the hackers planted their spyware before the upgrade was installed you have no guarantee of safety!
JAJ550
2 Posts
0
June 26th, 2019 11:00
I'm such a rookie about backup (I back up my data only on a zip drive) and re-install. I'm always worried my re-install won't bring back my full system and software as it had been before the hard drive was formatted. Doesn't formatting the disk result in a blank hard drive? If I re-install only Windows, what about all the other software applications and customizations I had installed/set up before I formatted my hard drive? This vulnerability has me very concerned.
U2CAMEB4ME
4 Operator
•
6.2K Posts
0
June 26th, 2019 12:00
Welcome to the Dell Community
To better assist you, we would need the exact model number of your laptop/desktop???
What OS are you running???
U2
PLEASE DO NOT POST ANY SERVICE TAGS!!!