Dell System Detect has security flaw
Posted by: Timothy Weaver on 04/07/2015 09:32 AM
[
Comments
]
Older versions of the Dell System Detect tool have been found to put computers at risk.
Tom Forbes, a security researcher, warned that attackers can exploit a weakness in older versions of Dell System Detect to remotely install malware on computers when users visit specially crafted websites.
The tool detects the service tags of users’ PCs, so it can offer the corresponding drivers.
Dell released an updated version of the tool back in January, but few people have updated. Users need to install version 6.0.14, which also prevents the program from running automatically when the operating system starts.
F-Secure has detected at least 100,000 devices with the tool, but only 1% have updated. “We are continuing to investigate further issues and actions that may be necessary to protect our customers,” the F-Secure researchers said.
Malwarebytes announced that vulnerable versions of the program will now be detected as PUP. The company said: We at Malwarebytes are pretty sure there are a lot of folks that won’t know about this vulnerability, so we decided to detect it for the sake of raising awareness. Vulnerable versions of this tool have been seen as early as mid 2012 though most likely even earlier, according to our sources so anyone with a Dell system purchased a few years ago should take special notice and run a scan ASAP.”
The owners of Dell computers should either uninstall the tool or ensure that they’re running the latest version by following the instructions on Dell’s website.
Source: PCWorld
Tom Forbes, a security researcher, warned that attackers can exploit a weakness in older versions of Dell System Detect to remotely install malware on computers when users visit specially crafted websites.The tool detects the service tags of users’ PCs, so it can offer the corresponding drivers.
Dell released an updated version of the tool back in January, but few people have updated. Users need to install version 6.0.14, which also prevents the program from running automatically when the operating system starts.
F-Secure has detected at least 100,000 devices with the tool, but only 1% have updated. “We are continuing to investigate further issues and actions that may be necessary to protect our customers,” the F-Secure researchers said.
Malwarebytes announced that vulnerable versions of the program will now be detected as PUP. The company said: We at Malwarebytes are pretty sure there are a lot of folks that won’t know about this vulnerability, so we decided to detect it for the sake of raising awareness. Vulnerable versions of this tool have been seen as early as mid 2012 though most likely even earlier, according to our sources so anyone with a Dell system purchased a few years ago should take special notice and run a scan ASAP.”
The owners of Dell computers should either uninstall the tool or ensure that they’re running the latest version by following the instructions on Dell’s website.
Source: PCWorld
Comments
