Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Article Number: 000184012


DSA-2021-052: Dell SupportAssist for Home PCs and Business PCs Security Update for PC-Doctor Plugin Vulnerability

Summary: Dell SupportAssist for Home PCs and Business PCs contain remediation for a PC-Doctor plugin vulnerability that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

High

Details

Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2021-21518 Dell SupportAssist for Home PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x and Dell SupportAssist for Business PCs versions 2.0.x, 2.1.x, 2.2.x, contain a DLL injection vulnerability in the Costura Fody plugin provided by PC Doctor. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges. 7.8 CVSSv3.1: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2021-21518 Dell SupportAssist for Home PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x and Dell SupportAssist for Business PCs versions 2.0.x, 2.1.x, 2.2.x, contain a DLL injection vulnerability in the Costura Fody plugin provided by PC Doctor. A local user with low privileges could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with SYSTEM privileges. 7.8 CVSSv3.1: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Product Affected Version(s) Updated Version(s) Link to Update
Dell SupportAssist for PCs Dell SupportAssist for Home PCs 3.7.x, 3.6.x, 3.4.x, and 3.3.x

Dell SupportAssist for Business PCs 2.0.x, 2.1.x, and 2.2.x
Dell SupportAssist for Home PCs 3.8.0

Dell SupportAssist for Business PCs 2.3.0
Dell SupportAssist for Home PC

Dell SupportAssist for Business PC

Dell recommends all customers upgrade at the earliest opportunity.

Method 1: Auto Update Enabled

All versions of SupportAssist automatically upgrade to the latest version available if automatic upgrades are enabled. Customers can check which version they are running and upgrade to a newer version of SupportAssist, if available.

Method 2: Manual Update

Steps for manual update of SupportAssist for Home PCs:      
  1. Open SupportAssist.
  2. On the top-right corner of the SupportAssist window, click the ‘Settings’ icon, and then click ‘About SupportAssist’. SupportAssist automatically checks if a newer version of SupportAssist is available.
  • If no update is available, a message indicating that the latest version of SupportAssist is installed is displayed.
  • If a newer version of SupportAssist is available, the ‘Update Now’ link is displayed.
  1. Upon clicking Update Now, the latest version of SupportAssist is downloaded and installed on the system.
Note: For manual update of SupportAssist for business PCs, refer to the Dell SupportAssist for business PCs deployment guide for deployment instructions.

Visit the Dell Drivers & Downloads site for updates on the applicable products.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.
Product Affected Version(s) Updated Version(s) Link to Update
Dell SupportAssist for PCs Dell SupportAssist for Home PCs 3.7.x, 3.6.x, 3.4.x, and 3.3.x

Dell SupportAssist for Business PCs 2.0.x, 2.1.x, and 2.2.x
Dell SupportAssist for Home PCs 3.8.0

Dell SupportAssist for Business PCs 2.3.0
Dell SupportAssist for Home PC

Dell SupportAssist for Business PC

Dell recommends all customers upgrade at the earliest opportunity.

Method 1: Auto Update Enabled

All versions of SupportAssist automatically upgrade to the latest version available if automatic upgrades are enabled. Customers can check which version they are running and upgrade to a newer version of SupportAssist, if available.

Method 2: Manual Update

Steps for manual update of SupportAssist for Home PCs:      
  1. Open SupportAssist.
  2. On the top-right corner of the SupportAssist window, click the ‘Settings’ icon, and then click ‘About SupportAssist’. SupportAssist automatically checks if a newer version of SupportAssist is available.
  • If no update is available, a message indicating that the latest version of SupportAssist is installed is displayed.
  • If a newer version of SupportAssist is available, the ‘Update Now’ link is displayed.
  1. Upon clicking Update Now, the latest version of SupportAssist is downloaded and installed on the system.
Note: For manual update of SupportAssist for business PCs, refer to the Dell SupportAssist for business PCs deployment guide for deployment instructions.

Visit the Dell Drivers & Downloads site for updates on the applicable products.

Customers may use one of the Dell notification solutions to be notified and download driver, BIOS, and firmware updates automatically once available.
Acknowledgements

Dell would like to thank Richard Warren of NCC Group for reporting this issue.

Revision History

RevisionDateDescription
1.02021-03-10Initial Release

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


The information in this Dell Technologies Security Advisory should be read and used to assist in avoiding situations that may arise from the problems described herein. Dell Technologies distributes Security Advisories to bring important security information to the attention of users of the affected product(s). Dell Technologies assesses the risk based on an average of risks across a diverse set of installed systems and may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions. The information set forth herein is provided "as is" without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell Technologies, its affiliates or suppliers, be liable for any damages whatsoever arising from or related to the information contained herein or actions that you decide to take based thereon, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell Technologies, its affiliates or suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation shall apply to the extent permissible under law.

Article Properties


Affected Product

SupportAssist for Home PCs, Product Security Information, SupportAssist for Business PCs

Last Published Date

20 Oct 2021

Version

2

Article Type

Dell Security Advisory