Looks like Dell is on a roll, and not the good kind. After the company's recent Superfishy root CA problem, security researchers are now finding holes in Dell's Foundation Services support software. According to the company, this software "provides a core set of foundational services facilitating customer serviceability, messaging, and support functions."
Last week, the LizardHQ security research team disclosed a vulnerability in Foundation Services version 2.3.3800.0A00, which allowed a remote attacker to determine a device's Service Tag. That tag could then be used for social engineering purposes or possibly to track a user. Dell updated the software to version 3.0.700.0A00 in response, and it seems to have made the problem worse.
A recently issued LizardHQ advisory details a new vulnerability in Foundation Services that lets a remote attacker pass any query to the target system's Windows Management Instrumentation (WMI) service. This allows a miscreant to know pretty much everything there is to know about a vulnerable system, given that WMI enumerates all of its host machine's hardware and software characteristics. For example, an attacker can have lots of fun just playing with WMI's disk and file system listing functionality.
According to Dell's website, the Foundation Services software is preinstalled on a substantial number of devices, including models in the XPS, Optiplex, and Precision lineups. Until a patch is issued, it's reasonable to assume all machines carrying the software are vulnerable. LizardHQ offers no suggestions for users to protect themselves other than uninstalling Foundation Services.