Saturday 4 April 2015

100,000 Dell Users Vulnerable leak In Support Tool


Certainly 100,000 Dell users at risk by a leak in the Dell System Detects support tool allowing an attacker in the worst case, the system can take over completely if a wrong website visited. Dell System Detects offered on the Dell support page and helps to find the necessary drivers for your computer. Researcher Tom Forbes discovered a vulnerability in the program, which allows an attacker to execute arbitrary code on the computer, such as installing malware.

Detect System installs a web server on port 8884 is listening to incoming messages from the Dell website. However, Dell did not check carefully whether these incoming messages are actually coming from the Dell website. So were also requests for domains containing the text "Dell" accepted. Once the user is a domain that contains the text "Dell" would visit this area may send a request that accepts computer.

The tool also proved not only to provide the service tag of the computer to search for drivers, but also offer other options, such as downloading and installing files. Also when downloading and installing files shot the control deficiency, which Forbes malware could send it to a computer when a domain containing "Dell" was visited.

The problem is compounded by System Detects after installation in the background and remains active after a restart of the system will restart automatically. Forbes warned Dell, which adopted an update. It was investigated whether the domain ".dell." contained, As a result, it was still possible to carry out an attack by, for example, to create a subdomain as dell.domain.tld.

Patch

This week, Dell has a new version (6.0.14) adopted which ensures that only requests "* .dell.com" are accepted. In addition, the software will not start automatically. The problem is that older versions of the software itself does not automatically update, and users may not know they have ever installed.

The Finnish anti-virus company did a scan among customers of the company and discovered some 100,000 computers where Detect System was installed. Only 1% of them have the most recent version. The actual number of Dell computers with vulnerable versions of System Detects is probably much higher, because the users are only 100,000 vulnerable customers F-Secure. The latest version of System Detects via this page to download.

No comments:

Post a Comment