Dell System Detect Vulnerability now classified as a PUP

Posted: April 3, 2015 by Adam Kujawa
Last updated: June 22, 2017

UPDATE:

After some updates of the latest versions of Dell System Detect, we have delisted this application from its previous classification as a Potentially Unwanted Program (PUP).

We have pushed out the latest updates to delist this application this morning, however if you are still detecting it:

If you are running MBAM2, you will need database version v2017.06.21.11 or newer.
If you are running MBAM3, you will need package version 1.0.2201 or newer.

So please make sure you update your instance of Malwarebytes.

—————

As of last night, Malwarebytes started detecting a very popular and very vulnerable application as a PUP.

This application, known as Dell System Detect, is pre-installed with many Dell systems. According to research done by Tom Forbes, older versions of Dell System Detect are vulnerable to a serious remote code execution attack.

What this basically means is that anyone with a vulnerable version of the tool (which maintains persistence on the system and therefore is always running) might be directed by an attacker to a specific website designed to exploit the flaw in the program and execute any commands the attacker wishes.

This could potentially lead to malware being installed without user awareness, stolen credentials, damaged system configuration and more.

Thankfully Dell has since modified this tool based on the research and it is no longer vulnerable, so it’s in the best interest for everyone to update this tool if they are running a computer designed by Dell.

However, we at Malwarebytes are pretty sure there are a lot of folks that won’t know about this vulnerability, so we decided to detect it for the sake of raising awareness.

Vulnerable versions of this tool have been seen as early as mid 2012 though most likely even earlier, according to our sources so anyone with a Dell system purchased a few years ago should take special notice and run a scan ASAP.

To make this easy for the search engines, if you have the following being detected on your system:

PUP.Vulnerable.DellSystemDetect

You are vulnerable to a serious remote code execution attack from cyber criminals. Please update your Dell System Detect software immediately: UPDATE HERE

For more information:

Thanks for reading and safe surfing!

COMMENTS

Dell System Detect Vulnerability now classified as a PUP

UPDATE:

PUP.Vulnerable.DellSystemDetect

You are vulnerable to a serious remote code execution attack from cyber criminals. Please update your Dell System Detect software immediately: UPDATE HERE

Block all or nothing to prevent ICO fraud?

DDoS attacks are growing: What can businesses do?

HTTPS… Everywhere!

Torify and analyze traffic for your VM

Yontoo: PUPs with two faces

Cybersecurity info you can’t do without