Millions of Computers Vulnerable to Dell SupportAssist Flaw

A vulnerability has been identified in Dell SupportAssist software that is pre-installed on millions of Dell PCs and laptops. The privilege escalation flaw could be exploited by malicious software or a logged-in user to elevate privileges to administrator level.

The flaw affects both the home 9 (v 3.2.1 and prior) and business (v 2.0) versions of the SupportAssist utility, which is the new name for Dell System Detect. The purpose of the utility is to perform a check of system software and hardware to identify issues and suggest changes that can be made to correct any problems.

In order to perform those functions, the utility requires system-level permissions. Those high-level privileges are used to interact with the Dell Support website, detect the tag and code of products, and install missing or corrupted drivers and can perform driver updates.

Security researchers at SafeBreach Labs discovered a flaw in the way the software loads DLL files from user-controlled folders when the software is run. The flaw could potentially be exploited by malware, or by a user who is logged in, to corrupt DLLs and replace them with malicious files.

The next time SupportAssist loads, it will use the malicious DLLs which will be executed with system-level privileges. As such, an attacker could exploit the vulnerability to take full control of a vulnerable system. Until the flaw is patched, computers will be vulnerable to attack.

This is certainly bad news for Dell and its millions of affected customers, but this may just be the tip of the iceberg. The vulnerability is in the SupportAssist utility, the software for which is written and maintained by a Nevada-based firm called PC-Doctor. The same software is supplied to other PC brands to use in similar diagnostics tools. This flaw could therefore affect other PC manufacturers and hundreds of millions of devices.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of