Sunday June 23, 2019
Gordon Kelly
Windows 10 users have been exposed to a worrying new vulnerability STEVE KOTECKI
Windows 10 has enough problems to deal with right now. But Microsoft’s partners just made things a lot worse.
Picked up by Gizmodo, acclaimed Californian security company SafeBreach has revealed that software pre-installed on PCs has left “millions” of users exposed to hackers. Moreover, that estimate is conservative with the number realistically set to be hundreds of millions.
The flaw lies in PC-Doctor Toolbox, systems analysis software which is rebadged and pre-installed on PCs made by some of the world’s biggest computer retailers, including Dell, its Alienware gaming brand, Staples and Corsair. Dell alone shipped almost 60M PCs last year and the company states PC-Doctor Toolbox (which it rebrands as part of ‘SupportAssist’) was pre-installed on “most” of them.
What SafeBreach has discovered is a high-severity flaw which allows attackers to swap-out harmless DLL files loaded during Toolbox diagnostic scans with DLLs containing a malicious payload. The injection of this code impacts both Windows 10 business and home PCs and enables hackers to gain complete control of your computer.
What makes it so dangerous is PC-makers give Toolbox high-permission level access to all your computer’s hardware and software so it can be monitored. The software can even give itself new, higher permission levels as it deems necessary. So once malicious code is injected via Toolbox, it can do just about anything to your PC.
Dell SupportAssist has PC-Doctor Toolbox built into it and it is shipping on 10s of millions of PCs every year DELL
Worst still, PC makers are currently engaged in a game of Whack-A-Mole trying to make Toolbox secure. SafeBreach reports it initially found flaws in Toolbox back in April and Dell released a patch to address it, but now SafeBreach has found further vulnerabilities and it looks highly unlikely that these will be the last.
The end result is many Windows 10 users exposed to this problem are unlikely to even know they have it because who actually uses pre-installed bloatware? As such, my advice would be to search your computer uninstall it. Dell builds it into SupportAssist, Corsair labels it ‘One Diagnostics’ or just ‘Diagnostics’, Staples calls it ‘Easy Tech Diagnostics’, Tobii refers to its as ‘I-Series/Dynavox Diagnostic Tools’ and there will inevitably be more so do your research.
As a wider tip: I would also advise anyone who buys a new PC to make their first step formatting the computer and reinstalling Windows. You should be in control of what programs are running on your PC. If you don’t know how to do this, find a family member, friend or colleague who does.
Does Microsoft deserve blame for this? Ultimately, it is helpless to stop PC makers pre-installing whatever they want on Windows computers even if it compromises their security and this is something which drives people to other platforms. It’s frustrating, but this level of partnering is also what made Windows such a global hit in the first place.
That said, it’s also what makes Microsoft’s recent pledge of more "control, quality and transparency" not only worryingly complex but extremely hard to deliver.