At least 100,000 Dell systems vulnerable due to leak in System Detect tool

Spread the love

At least 100,000 Dell systems are vulnerable to a recently discovered vulnerability in the System Detect support tool that Dell offers through its support page. The leak has been patched, but few users manually update the tool, F-Secure discovered.

F-Secure inventoried how many customers were running System Detect and how many are running the latest version, 6.0.0.14. Only 1 percent appear to have updated the tool to the most recent version, the rest are running older, unpatched versions and are therefore vulnerable. Since the inventory was only done among F-Secure customers, the actual number is likely much higher than 100,000.

Security researcher Tom Forbes discovered the vulnerability in System Detect last November and Dell released a fix in January, after which Forbes disclosed the vulnerability. The tool allows users of Dell systems to download the latest drivers for their configuration. System Detect runs in the background and starts automatically at Windows startup.

The .NET 2.0 tool runs an http server that listens for javascript requests from Dell’s support page. However, the software only verifies whether a request is from Dell by looking for the presence of the word “dell” in the http referrer or http-origin header, Forbes found. This is easy to circumvent and attackers can easily let System Detect download and install its own malware by letting web browsers make requests via manipulated URLs.

You might also like