Vulnerability found in Dell's support software "Dell System Detect"; 99% of users are running an unpatched version



A vulnerability has been discovered in Dell's support software "Dell System Detect" that could allow a malicious attacker to send arbitrary files to a user's machine and execute them without the user's knowledge. Dell has already released version 6.0.0.14, which fixes this vulnerability, but it seems that users running earlier versions need to update immediately.

Dell System Detect RCE vulnerability | Tom's corner of the internet
http://tomforb.es/dell-system-detect-rce-vulnerability

F-Secure Blog: Risks of remote code execution to Dell's System Detect
http://blog.f-secure.jp/archives/50746145.html

Dell System Detect (DSD) is one of the applications that Dell provides for user support and, as its name implies, it has three main functions: "detection of product", "detection of driver", and "execution of diagnosis". The software version is shown in the red-framed part of the screen that appears when DSD is launched.


DSD can access Dell's servers and automatically download and install the latest drivers and other files. According to a blog post by security expert Tom Forbes, DSD is supposed to download files only from servers whose address includes "dell.com", but it has been confirmed that it in fact permits any server whose address merely contains the character string "dell".

Forbes analyzed the communication performed by DSD using the developer tools built into Google Chrome and tracked down that DSD only verifies that the character string "dell" is included in the domain.


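If this is abused, communication that should only be allowed to connect to the "dell.com" domain is accepted for any destination as long as it contains the character string "dell", for example "http://hacker.com/dell", which makes it possible for a malicious attacker to deliver malware or launch programs.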

To verify this problem, the security company F-Secure ran an experiment in which it executed a program remotely using a fictitious domain, "notreallydell.com", and succeeded in launching the Windows calculator.
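The gap between the substring check described above and a host check made on a domain-label boundary, as an added example (not code from Dell, Forbes, or F-Secure). The function names, the sample paths, and the https-only requirement are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_DOMAIN = "dell.com"  # the trusted domain named in the article


def weak_check(url: str) -> bool:
    """Model of the flawed check described above: any URL containing 'dell' passes."""
    return "dell" in url.lower()


def strict_check(url: str) -> bool:
    """Accept only https URLs whose parsed host is dell.com or a subdomain of it."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lowercased; userinfo and port are stripped
    except ValueError:
        return False
    # Requiring https is an assumption of this example, not stated in the article.
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")  # tolerate a fully qualified trailing dot
    # Compare on a label boundary so "notreallydell.com" does not match.
    return host == ALLOWED_DOMAIN or host.endswith("." + ALLOWED_DOMAIN)


# Constructed sample inputs. The hosts in the first three appear in the article;
# the paths and the remaining entries are made up for this example.
SAMPLES = [
    "https://downloads.dell.com/tools/dellsystemdetect/dellsystemdetect.application",
    "http://hacker.com/dell",
    "https://notreallydell.com/update.exe",
    "https://dell.com.example.net/update.exe",   # trusted name used as a prefix
    "https://dell.com@example.net/update.exe",   # trusted name in the userinfo part
    "http://downloads.dell.com/tools/x",         # right host, unencrypted scheme
]


def compare(urls=SAMPLES):
    """Return (url, weak_result, strict_result) for each URL."""
    return [(u, weak_check(u), strict_check(u)) for u in urls]


if __name__ == "__main__":
    for url, weak, strict in compare():
        print(f"weak={weak!s:5} strict={strict!s:5} {url}")
```

A host allow-list only constrains where a download comes from; checking the downloaded file's signature before running it is a separate control.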


Dell has already taken measures in response to Forbes' report, and this problem can be avoided by updating DSD to the latest version. However, the application does not support automatic updating, so users need to perform the update themselves. According to F-Secure, as of the beginning of April 2015, only 1% of users were using the latest version, and 99% of users continued to use old versions that remain vulnerable.

F-Secure Blog: Risks of remote code execution to Dell's System Detect


Even though a fix has been released, the old, at-risk version of the software continues to be widely used, and as a result the antivirus software Malwarebytes now classifies DSD as a "PUP: Suspicious program".

Dell System Detect Vulnerability now classified as a PUP | Malwarebytes Unpacked


The latest, fixed version can be downloaded from the following URL, so anyone who has "Dell System Detect" installed should update as soon as possible.

https://downloads.dell.com/tools/dellsystemdetect/dellsystemdetect.application

in Software, Posted by darkhorse_log