pcdsrvc_x64.sys
PC-Doctor diagnostic toolbox driver (Dell SupportAssist and other OEM utilities)
pcdsrvc_x64.sys (with its 32-bit sibling pcdsrvc.sys) is the kernel component of PC-Doctor's diagnostic toolbox, an OEM utility most widely known as the engine inside Dell SupportAssist. The same component was embedded in other OEM system-health suites including Corsair Diagnostics and Staples EasyTech. SupportAssist alone shipped preinstalled on a very large share of Dell consumer laptops and desktops.
In 2019, SafeBreach researcher Peleg Hadar disclosed that the driver exposed a device interface that any local user could open, permitting arbitrary physical-memory read and write from a Microsoft-signed kernel driver. That is one of the cleanest possible BYOVD primitives, because the signed driver already exists on millions of machines and any local foothold can use it. The vulnerability is tracked as CVE-2019-12280. PC-Doctor and Dell shipped patched builds in mid-2019.
If you have a Dell laptop with SupportAssist installed (or one of the other affected OEM utilities), the driver is expected. Keep SupportAssist updated through Windows Update or Dell's own updater; if you do not use it, uninstall it.
pcdsrvc_x64.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “pcdsrvc_x64.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/pcdsrvc-x64-sys
