News

At least 100,000 Dell systems vulnerable due to leak in System Detect tool

By admin
Spread the love

At least 100,000 Dell systems are vulnerable to a recently discovered vulnerability in the System Detect support tool that Dell offers through its support page. The leak has been patched, but few users manually update the tool, F-Secure discovered.

F-Secure inventoried how many customers were running System Detect and how many are running the latest version, 6.0.0.14. Only 1 percent appear to have updated the tool to the most recent version, the rest are running older, unpatched versions and are therefore vulnerable. Since the inventory was only done among F-Secure customers, the actual number is likely much higher than 100,000.

Security researcher Tom Forbes discovered the vulnerability in System Detect last November and Dell released a fix in January, after which Forbes disclosed the vulnerability. The tool allows users of Dell systems to download the latest drivers for their configuration. System Detect runs in the background and starts automatically at Windows startup.

The .NET 2.0 tool runs an http server that listens for javascript requests from Dell’s support page. However, the software only verifies whether a request is from Dell by looking for the presence of the word “dell” in the http referrer or http-origin header, Forbes found. This is easy to circumvent and attackers can easily let System Detect download and install its own malware by letting web browsers make requests via manipulated URLs.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Logitech acquires stream controller maker Loupedeck

News

Anticheat FaceIT gets Linux version, enables Steam Deck support

Exit mobile version