SafeBreach has released details of a vulnerability in PC-Doctor, a support tool used by several PC vendors including Dell. The software allows end users to self-diagnose problems with computer hardware and software. It speeds up the diagnostic process and reduces the time spent on support calls for vendors and users. Dell, for example, installs it as part of the Dell SupportAssist software. Other OEMs have also installed the software on machines.
Researchers from SafeBreach Labs discovered vulnerabilities in the library structure of the application. These gave them access to the memory on the remote systems. Once they had this access they could read what was stored and, more importantly, write to that memory. The latter allowed them to install malicious software on the remote system and carry out privilege elevation attacks to take over a computer.
According to Itzik Kotler, CTO and Co-Founder of SafeBreach: “This is a serious security issue that would allow attackers access to system-level capabilities, giving them near total control over what’s happening on that machine and the ability to read, copy or alter any data in physical memory.
“We urge everyone who has purchased a machine that uses PC-Doctor software as part of its health check system to upgrade and patch their machines as quickly as possible.”
The vulnerability was first detected in late April.
A quick response by Dell but what of other OEMs?
SafeBreach passed the details of the vulnerability to Dell, which, in turn, passed them on to PC-Doctor. The result was that Dell released a patch for its customers at the end of May. As the software is rebranded by other OEMs, PC-Doctor asked for a delay in public notification of the vulnerability while it created and tested a patch for all users of the software.
In mid-June, PC-Doctor began deploying that patch using automatic update to all registered users of the software who have auto-update turned on. It now believes that all those users are patched. It is urging all customers to turn auto-updates on to ensure that they get new patches as they are released.
SafeBreach has provided a list of software affected by this vulnerability. It includes:
- PC-Doctor Toolbox for Windows
- CORSAIR ONE Diagnostics
- CORSAIR Diagnostics
- Staples EasyTech Diagnostics
- Tobii I-Series Diagnostic Tool
- Tobii Dynavox Diagnostic Tool
Enterprise Times: What does this mean?
What is important here is that the vulnerability is fixed and was fixed relatively quickly. SafeBreach escalated to Dell, which, in turn, escalated to PC-Doctor. The patch was then deployed across all users with auto-update turned on. While users often complain about auto-updates interrupting their work, this is a perfect example of why auto-updates are so effective.
PC-Doctor claims to have over 100 million users of its software. That’s a lot of machines to fix in a short period of time. Most of those users, such as those using Dell SupportAssist, are not directly supported by PC-Doctor. Despite the use of auto-update, it raises the question as to how many users are still unpatched. At the time of writing, PC-Doctor had not responded to a request asking how many users remain unpatched.