Dell support software leaks system information

By

Uninstallation of Dell Foundation Services recommended.

IT giant Dell is shipping computers with support software that leaks extensive amounts of information about the systems it is preloaded on, researchers have found.

Dell support software leaks system information

LizardHQ researcher "slipstream/RoL" discovered that the Dell Foundation Services application, used to provide information for customer support, also installs and activates a webserver on computers. The security research firm counts some former LulzSec hacktivists as members.

The webserver responds to queries on transmission control protocol (TCP) port 7779 - by issuing requests to the webserver, attackers can query Microsoft's Windows Management Instrumentation (WMI) utility to glean full information about a victim's system.

Information leaked via WMI, which is used for systems management, includes details of the computer hardware, software, running processses and services, which storage is accessible, file data such as their names, dates and sizes, and more.

Prior to the recently discovered information disclosure vulnerability, LizardHQ had found that the webserver would leak Dell service tags, which are hardcoded and unique for each system.

Dell addressed that vulnerability, but in doing so, made the web interface a simple object access protocol (SOAP) service, the researchers said.

Vulnerable systems connected to the internet can be found via the Shodan.io scanner, and the flaw can also be exploited via local area networks, according to LizardHQ.

LizardHQ recommends that Dell users uninstall the Dell Foundation Services software.

Earlier in November this year, Dell had to scramble to plug another serious vulnerability in its support software.

The company shipped a fake, eDellRoot certificate authority (CA) and included its private key, for SSL/TLS protected connections that web browsers would trust.

This created a vulnerability that could be used to silently intercept SSL/TLS encrypted communications as well as sign malicious code that would be trusted by the computer operating system.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?