Vulnerable Dell utility could let attackers learn all about a target PC


— 11:45 AM on December 2, 2015

Looks like Dell is on a roll, and not the good kind. After the company's recent Superfishy root CA problem, security researchers are now finding holes in Dell's Foundation Services support software. According to the company, this software "provides a core set of foundational services facilitating customer serviceability, messaging, and support functions."

Last week, the LizardHQ security research team disclosed a vulnerability in Foundation Services version 2.3.3800.0A00, which allowed a remote attacker to determine a device's Service Tag. That tag could then be used for social engineering purposes or possibly to track a user. Dell updated the software to version 3.0.700.0A00 in response, and it seems to have made the problem worse.

A recently issued LizardHQ advisory details a new vulnerability in Foundation Services that lets a remote attacker pass any query to the target system's Windows Management Instrumentation (WMI) service. This allows a miscreant to learn pretty much everything there is to know about a vulnerable system, given that WMI enumerates all of its host machine's hardware and software characteristics. For example, an attacker can have lots of fun just playing with WMI's disk and file system listing functionality.

According to Dell's website, the Foundation Services software is preinstalled on a substantial number of devices, including models in the XPS, Optiplex, and Precision lineups. Until a patch is issued, it's reasonable to assume all machines carrying the software are vulnerable. LizardHQ offers no suggestions for users to protect themselves other than uninstalling Foundation Services.

   