Dell released a security update to address a vulnerability in the PC Doctor component of the Dell SupportAssist software. A local attacker could exploit the vulnerability by replacing a utility library used by the PC Doctor component with a malicious one.
Successful exploitation of the vulnerability could lead to local privilege escalation and information disclosure on an affected system.
Dell has released new versions of the product to address the vulnerability. The updates can be obtained by using the auto-update mechanism or by downloading at the following URLs:
Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://www.dell.com/support/article/hk/zh/hkdhs1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en
https://safebreach.com/Post/OEM-Software-Puts-Multiple-Laptops-At-Risk
https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12280