Windows 10 has enough problems to deal with on its own, but Microsoft’s OEM partners just made things a lot worse.
Millions of Dell computers running Windows, and possibly many more computers made by other brands, are vulnerable to a flaw in their internal system-health software that could let hackers take over the machines, according to a new report from security company SafeBreach. That estimate is conservative: the number of PCs exposed is realistically in the hundreds of millions.
The security flaw lies in the PC-Doctor Toolbox, systems analysis software which is rebranded and pre-installed on PCs made by some of the world’s largest computer retailers, including Dell, its Alienware gaming brand, Staples and Corsair. Dell alone shipped almost 60M PCs last year and the company states PC-Doctor Toolbox (which it rebrands as part of ‘SupportAssist’) was pre-installed on “most” of them.
What SafeBreach has discovered is a high-severity flaw which allows attackers to swap out harmless DLL files loaded during Toolbox diagnostic scans with DLLs containing a malicious payload. The injection of this code impacts both Windows 10 business and home PCs and enables hackers to gain full control of your computer.
What makes it so dangerous is that PC makers give Toolbox high-permission-level access to all your computer’s hardware and software so it can be monitored. The software can even give itself new, higher permission levels as it deems necessary. So once malicious code is injected via Toolbox, it can do just about anything to your PC.
Even worse, PC makers are currently engaged in a game of Whack-A-Mole trying to make PC-Doctor Toolbox secure. SafeBreach reports that it initially found flaws in Toolbox back in April and Dell released a patch to address them, but now SafeBreach has found further vulnerabilities and it looks like these will not be the last.
Should you be concerned?
Windows 10 users exposed to this problem are unlikely to even know they have a problem. Dell builds PC-Doctor Toolbox into SupportAssist, Corsair relabels it as ‘One Diagnostics’ or just ‘Diagnostics’, Staples calls it ‘Easy Tech Diagnostics’, Tobii Dynavox (makers of eye-tracking software and devices) refers to their version as ‘I-Series/Dynavox Diagnostic Tools’ and there will inevitably be more partners affected by this challenge. If your PC has a built-in tool that monitors its health, do some research on your PC manufacturer’s or reseller’s website to determine if the underlying application is PC-Doctor Toolbox.
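As a starting point for that research, the following PowerShell inventory check is an added example, not code from the original article, SafeBreach or any vendor. It searches the standard uninstall registry keys for the product names listed above and shows which Windows services run from each match's install folder and under which account. The name patterns are assumptions taken from the names in this article (the bare ‘Diagnostics’ label is left out because it is too generic), and the strings an OEM actually registers may differ.

```powershell
# Added example: look for rebranded PC-Doctor Toolbox installs on this machine.
# ASSUMPTION: name patterns come from the product names in the article; the
# DisplayName/Publisher strings an OEM really registers may differ.
$Patterns = 'PC-Doctor', 'SupportAssist', 'One Diagnostics',
            'Easy Tech Diagnostics', 'Dynavox Diagnostic'

# Standard per-machine uninstall keys (64-bit and 32-bit registry views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Find-PcDoctorRebrand {
    param([string[]]$Keys = $UninstallKeys, [string[]]$Names = $Patterns)
    # One case-insensitive regex built from the literal names.
    $regex = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-ItemProperty -Path $Keys -ErrorAction SilentlyContinue |
        Where-Object { ($_.DisplayName -match $regex) -or ($_.Publisher -match $regex) } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation
}

function Get-ServiceUnderPath {
    param([string]$InstallLocation)
    if ([string]::IsNullOrWhiteSpace($InstallLocation)) { return }
    $root = $InstallLocation.TrimEnd('\')
    # Services whose binary lives under the product's install folder.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object {
            $_.PathName -and
            $_.PathName.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0
        } |
        Select-Object Name, StartName, State, PathName
}

$hits = @(Find-PcDoctorRebrand)
if ($hits.Count -eq 0) {
    'No matching product found in the uninstall registry keys.'
} else {
    foreach ($hit in $hits) {
        # Report the installed version so it can be compared with the vendor advisory.
        '{0} {1} ({2})' -f $hit.DisplayName, $hit.DisplayVersion, $hit.Publisher
        Get-ServiceUnderPath -InstallLocation $hit.InstallLocation |
            Format-Table -AutoSize
    }
}
```

A match only tells you the product is present; compare the reported version against your vendor's advisory to see whether the fix is installed.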
Some people are trying to blame Microsoft for this.
The reality is that Microsoft is helpless to stop PC makers from pre-installing whatever they want on Windows computers, even if it compromises their security. It’s frustrating, but this level of partnering is also what made Windows such a global hit in the first place.
SafeBreach researchers said PC-Doctor refused to give them a list of its other clients, but the PC-Doctor website states that “leading manufacturers have installed over 100 million copies of PC-Doctor for Windows on computer systems worldwide.”
Dell has released a firmware fix for this latest problem:
https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en