14 Posts


June 22nd, 2019 12:00

Dell SupportAssist bug

There are stories all over the news about Dell PCs being vulnerable to a bug in the SupportAssist tool.  I downloaded the recommended patch "Dell SupportAssist for Home PCs version 3.2.2".  When I try to install it I'm told that it's already installed and I'm up to date.  I have automatic updates turned off so I don't know how it got installed. 

Also, when I do an Update check there's a listing for "SupportAssist Update Plugin (11.4mb, 5/9/2019)" that is a recommended update.  What is that?  It's only a recommended update and I tend to avoid those if everything is working well.

How can I manually check to see if I really do have version 3.2.2 of the SupportAssist installed?  This seems to be a very serious bug and I want to make sure I'm covered.  When I check my folder ProgramFiles\Dell\SupportAssistAgent\bin all of the relevant files are dated 5/24/2019.  That makes me think that I don't have 3.2.2 installed.

One more disturbing item.  I found the link to the updated file on Dell's site at "https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en"

One link on that page - Please visit "https://www.dell.com/support/home?app=drivers" for updates on the applicable products. - takes me to a Polish language page.  That obviously doesn't seem right.

 

14 Posts

June 22nd, 2019 15:00

Thanks!

It shows I have version 3.2.2.119, so I assume I'm safe.

The odd thing is that it shows it was installed on 5/29/2019.  The news stories are all from today and they make it sound like the update was just released.

Still unexplained is why a Dell link takes you to a Polish language page. :-)

 

 

4 Operator

 • 

6.2K Posts

June 22nd, 2019 15:00

Welcome to the Dell Community  @boxner1 

Try going to the "Control Panel"

Then click on "Default Programs"

Then click on "Programs and Features"

There you should find the version.

Best regards,

U2
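The same check as the Programs and Features view, done from PowerShell. This is an added example, not part of the original posts or Dell's tooling. It compares the installed version with the affected-version figures quoted in this thread for the Home PCs client; the `*SupportAssist*` name match and the use of 3.2.2.0 as the first fixed build are assumptions, and a Business PCs install should be compared by hand against DSA-2019-084.

```powershell
# Added example. Affected-version figures are the ones quoted in this thread:
#   DSA-2019-051: SupportAssist Client versions prior to 3.2.0.90
#   DSA-2019-084: SupportAssist for Home PCs version 3.2.1 and all prior versions
# Assumption: 3.2.2.0 is treated as the first Home PCs build past DSA-2019-084.
$FixedFor051 = [version]'3.2.0.90'
$FixedFor084 = [version]'3.2.2.0'

# Programs and Features reads these uninstall keys (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: the product's display name contains "SupportAssist".
$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SupportAssist*' -and $_.DisplayVersion }

if (-not $found) {
    Write-Output 'No SupportAssist entry found in the uninstall registry keys.'
}

foreach ($app in $found) {
    $parsed = $null
    if (-not [version]::TryParse($app.DisplayVersion, [ref]$parsed)) {
        # Do not guess when the version string is not numeric.
        $status = "Unparseable version '$($app.DisplayVersion)'; compare by hand"
    } elseif ($parsed -lt $FixedFor051) {
        $status = 'AFFECTED: below 3.2.0.90 (DSA-2019-051 and DSA-2019-084)'
    } elseif ($parsed -lt $FixedFor084) {
        $status = 'AFFECTED: below 3.2.2 (DSA-2019-084, Home PCs figure)'
    } else {
        $status = 'At or above 3.2.2 (Home PCs figure)'
    }
    [pscustomobject]@{
        Name        = $app.DisplayName
        Version     = $app.DisplayVersion
        InstallDate = $app.InstallDate   # often yyyymmdd; may be empty
        Status      = $status
    }
}

# File dates in the bin folder do not show the product version; the embedded
# file version does. The folder is the one named in the first post.
$bin = Join-Path $env:ProgramFiles 'Dell\SupportAssistAgent\bin'
if (Test-Path $bin) {
    Get-ChildItem -Path $bin -Filter *.exe |
        Select-Object Name, LastWriteTime, @{n='FileVersion';e={$_.VersionInfo.FileVersion}}
}
```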

Moderator

 • 

16.8K Posts

June 24th, 2019 06:00

boxner1,

 

Unfortunately, based on the service tag number, the warranty has expired. You can wait for a reply from other community members or contact the Dell Out of Warranty Support Team by clicking here

 

9 Legend

 • 

47K Posts

June 24th, 2019 09:00

I would remove support assist.

Then Reboot.

Then make sure any Windows updates are done.

Then make sure the feature update to 1903 is done.

Then make sure updates are done; there are at least 5 for 1903.

Then install the current Support Assist.

DSA Identifier: DSA-2019-051

CVE Identifier: CVE-2019-3718, CVE-2019-3719

Severity: High

Severity Rating: CVSS Base Score: See below for NVD Scores

Affected products:

Dell SupportAssist Client versions prior to 3.2.0.90

Customers can download software from https://downloads.dell.com/serviceability/Catalog/SupportAssistInstaller.exe

Getting this from ANYWHERE ELSE is NOT recommended.

4 Operator

 • 

6.2K Posts

June 24th, 2019 10:00

@boxner1 

04/29/19 - Vulnerability reported

04/29/19 - Initial Response from Dell scheduled by May 7th, 2019

05/08/19 - Dell has confirmed the vulnerability

05/21/19 - Dell sent the issue to PC-Doctor

05/21/19 - PC-Doctor scheduled a fix to be released in mid-June as it affects not only Dell but multiple OEMs.

05/22/19 - CVE-2019-12280 Assigned by PC-Doctor

05/28/19 – Dell released fixes provided by PC-Doctor for affected SupportAssist versions: Dell SupportAssist for Business PCs version 2.0, and Dell SupportAssist for Home PCs version 3.2.1 and all prior versions

06/12/19 - Disclosure date extended to June 19th

06/19/2019 - Vulnerability disclosed.

Affected Products:

Dell SupportAssist for Business PCs version 2.0

Dell SupportAssist for Home PCs version 3.2.1 and all prior versions

Regards,

U2

14 Posts

June 24th, 2019 14:00

I did remove SupportAssist.  Better safe than sorry. :-)

Is there any good reason that I should reinstall the current version?  What am I missing by leaving it removed?

I do see they've corrected the link I mentioned.  It now goes to an English language page.

 

 

Moderator

 • 

16.8K Posts

June 25th, 2019 09:00

boxner1,

 

Our first priority is product security and helping our customers ensure the security of their data and systems. The vulnerability discovered by SafeBreach is a PC Doctor vulnerability, a third-party component that ships with Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs. PC Doctor moved quickly to release the fix to Dell; we implemented it and released updates on May 28, 2019 for the affected SupportAssist versions. More than 90% of customers to date have received the update and are no longer at risk. Most customers have automatic updates enabled, which is a general security best practice to keep software and systems up to date. We urge customers to review our security advisory (DSA-2019-084) and turn on automatic updates or manually update their SupportAssist software.

 

96 Posts

June 27th, 2019 10:00

 
Sadly, the real extent of the problem appears to be obfuscated.
 
To ensure security, it is not enough to update SupportAssist or uninstall it completely - this is a hard fact.
 
I asked Dell a question about removing potential damages planted by hackers when the vulnerabilities (a Remote Code execution, followed by this latest Privilege Escalation) were in the "zero-day" status. So far, there has been no proper answer. 
 
 
CAN DELL OFFICIALLY DISPROVE THE FACT THAT ANYONE WHO'S HAD SUPPORTASSIST SHOULD NOW REINSTALL WINDOWS, IN ORDER TO BE SAFE?

9 Legend

 • 

47K Posts

June 27th, 2019 10:00

 

XSS actors are installing more than bad support assist.

The only sure way is to clean install offline and do all updates then scan the old drive in a dock OFFLINE.

If they can convince you to click a link they have you.

The following video is ancient but all of the problems with windows are still problems even now in 2019.

https://www.youtube.com/watch?v=Mtos6ZSkzzM

Cross-Site Scripting (XSS) attacks are a type of injection attack where cybercriminals deliver malicious script or code to a client browser, often via a vulnerable web application. In this type of attack, cybercriminals trick users' browsers into executing malicious code. A classic example is causing a browser to display a popup with a link to a website that installs malware.  It's even easier if they post the link here and ask you to click it to get your answer.  BE VERY WARY OF https:// links to obfuscated or clear text URLs. DOM XSS vulnerability, Java, Flash, Acrobat, JPG files and other PE droppers.

 

 

 


96 Posts

June 27th, 2019 11:00

@speedstep 

That's a description for XSS, which is primarily web-related. Typically, it is executed by malicious JavaScript that hackers manage to run in your browser because the code gets reflected from the server and into the victim's HTML code. This type of attack is quite widespread.

What SupportAssist had appears to be even more severe. With RCE and privilege escalation, hackers had a chance to install files (like keyloggers, backdoors, etc.). If they did while the vulnerabilities were undiscovered and unpatched, then they still have an opportunity to exploit the victims' systems at any time they want. The only thing one can do, to ensure that they are safe, is to format the disk and reinstall Windows. Something that Dell is reluctant to tell us. 

9 Legend

 • 

47K Posts

June 27th, 2019 11:00

Support Assist is not the only problem.  Once infected it's hard to tell which was first.  It's not just JavaScript.  There is a JPG issue and Silverlight issues and Flash issues constantly, and NPAPI plugins, QuickTime, other codecs, ZIP files, WinRAR files etc.

It's always safer to scorched earth clean install.

Legal trolling on the forum is a violation of TOS.

I have clients all the time swear the hardware is bad when it's malware.

When we remove the malware and show that the hardware is fine they refuse to pay for a service call so we cancel them.  Termination for Cause.

Eventually they infect more and more and eventually they pay for reinstall / re image.

Intel Management Engine, Intel HD Graphics, Nvidia, ATI, Realtek Audio, Realtek SD card readers and and and and have all had issues.

So I'm not sure what you are asking for other than for Dell to be responsible for merchantability and fitness for a particular purpose.  Which they won't be.

 

96 Posts

June 27th, 2019 13:00

If vulnerabilities like RCE or PE are discovered, then, among other things, we should be warned - in black and white, and in large text - that, by not formatting the disk or reinstalling the OS, we are continuing to use the existing systems at our own peril.
I am not sure that this message is currently communicated in a manner that is clear enough to an average user.
