UPDATE:
Following updates to the latest versions of Dell System Detect, we have delisted this application from its previous classification as a Potentially Unwanted Program (PUP).
We pushed out the latest updates to delist this application this morning; however, if you are still detecting it:
- If you are running MBAM2, you will need database version v2017.06.21.11 or newer.
- If you are running MBAM3, you will need package version 1.0.2201 or newer.
So please make sure you update your instance of Malwarebytes.
—————
As of last night, Malwarebytes started detecting a very popular and very vulnerable application as a PUP.
This application, known as Dell System Detect, comes pre-installed on many Dell systems. According to research done by Tom Forbes, older versions of Dell System Detect are vulnerable to a serious remote code execution attack.
What this basically means is that anyone with a vulnerable version of the tool (which maintains persistence on the system and is therefore always running) might be directed by an attacker to a specific website designed to exploit the flaw in the program and execute any commands the attacker wishes.
This could potentially lead to malware being installed without user awareness, stolen credentials, damaged system configuration and more.
Thankfully, Dell has since modified this tool based on the research and it is no longer vulnerable, so it’s in everyone’s best interest to update this tool if they are running a computer designed by Dell.
However, we at Malwarebytes are pretty sure there are a lot of folks that won’t know about this vulnerability, so we decided to detect it for the sake of raising awareness.
Vulnerable versions of this tool have been seen as early as mid-2012, though most likely even earlier according to our sources, so anyone with a Dell system purchased a few years ago should take special notice and run a scan ASAP.
To make this easy for the search engines, if you have the following being detected on your system:
PUP.Vulnerable.DellSystemDetect
then you are vulnerable to a serious remote code execution attack from cyber criminals. Please update your Dell System Detect software immediately: UPDATE HERE
For more information:
Thanks for reading and safe surfing!
It doesn’t come up in my search, or my “uninstall a program” menu. Would that mean that I don’t have it? Also, if I did, would this code execution be able to get through NoScript?
They post these articles and then never look at them again. Good luck. You’re on your own.
If it doesn’t come up then you don’t have it. Also if the exploit was written in JavaScript, Flash, or anything else NoScript disables then it would be stopped by NoScript!
Good work. Shame Malwarebytes can’t help with all pre-install software and mark as PUP.