Security News

'Millions' of Dell PCs will grant malware, rogue users admin-level access if asked nicely
2021-05-04 19:56

Dell desktops, laptops, and tablets built since 2009 and running Windows can be exploited to grant rogue users and malware system-administrator-level access to the computers. Essentially, Dell's driver accepts system calls from any user or program on a machine; there are no security checks nor an access control list to see if the caller is sufficiently authorized or privileged.

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs
2021-05-04 16:07

Five high-severity security flaws in Dell's firmware update driver are impacting potentially hundreds of millions of Dell desktops, laptops, notebooks and tablets, researchers said. The multiple local privilege-escalation bugs exist in the firmware update driver version 2.3 module, which has been in use since 2009.

High-Severity Dell Driver Vulnerabilities Impact Hundreds of Millions of Devices
2021-05-04 15:10

Owners of Dell devices were informed on Tuesday that a firmware update driver present on a large number of systems is affected by a series of high-severity vulnerabilities. Dell says the vulnerabilities, caused by insufficient access control issues, can be exploited by a local, authenticated attacker for privilege escalation, denial of service, or information disclosure.

Vulnerable Dell driver puts hundreds of millions of systems at risk
2021-05-04 13:07

A driver that's been pushed for the past 12 years to Dell computer devices for consumers and enterprises contains multiple vulnerabilities that could lead to increased privileges on the system. It is estimated that hundreds of millions of Dell computers, from desktops and laptops to tablets, received the vulnerable driver through BIOS updates.

Dell Technologies to spin-off VMware, positioning it for further growth
2021-04-15 23:00

The VMware Special Committee of independent directors and Dell Technologies have agreed to terms in which VMware will be spun-off from Dell Technologies. Dell Technologies stockholders will receive a pro-rata distribution of VMware shares held by Dell Technologies, and Michael Dell and Silver Lake Partners will own direct interests in VMware.

Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices
2020-12-24 20:51

A team of researchers today unveiled two critical security vulnerabilities in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provider CyberMDX and reported to Dell in June 2020, affects all devices running ThinOS versions 8.6 and below.

Critical Vulnerabilities Expose Dell Wyse Thin Client Devices to Attacks
2020-12-21 19:04

Dell on Monday informed customers that updates released for some of its Wyse Thin Client products patch a couple of critical vulnerabilities that can be exploited remotely without authentication to compromise devices. Dell Wyse Thin Client is a small form-factor PC series that runs an operating system named ThinOS, which Dell advertises as "The most secure thin client operating system." According to CyberMDX, there are more than 6,000 organizations using these products, including many healthcare providers, in the U.S. alone.

Critical Bugs in Dell Wyse Thin Clients Allow Code Execution, Client Takeovers
2020-12-21 17:00

Dell has patched two critical security vulnerabilities in its Dell Wyse Thin Client Devices, which are small form-factor computers optimized for connecting to a remote desktop. The bugs allow arbitrary code execution and the ability to access files and credentials, researchers said.

Dell Wyse Thin Client scores two perfect 10 security flaws
2020-12-21 17:00

Dell, which pitches its Wyse ThinOS as "The most secure thin client operating system," plans to publish an advisory on Monday for two severe security vulnerabilities. The vulnerabilities, which affect all Dell Wyse Thin Clients running ThinOS versions 8.6 or earlier, allow more or less anyone to remotely run malicious code and to access arbitrary files on vulnerable devices.

Critical bugs in Dell Wyse ThinOS allow thin client take over
2020-12-21 12:59

Almost a dozen Dell Wyse thin client models are vulnerable to critical issues that could be exploited by a remote attacker to run malicious code and gain access to arbitrary files. It is estimated that more than 6,000 organizations, most of them from the healthcare sector, have deployed Dell Wyse thin clients on their networks.