Security News

Dell desktops, laptops, and tablets built since 2009 and running Windows can be exploited to grant rogue users and malware system-administrator-level access to the computers. Essentially, Dell's driver accepts system calls from any user or program on a machine; there are no security checks nor an access control list to see if the caller is sufficiently authorized or privileged.

Five high-severity security flaws in Dell's firmware update driver are impacting potentially hundreds of millions of Dell desktops, laptops, notebooks and tablets, researchers said. The multiple local privilege-escalation bugs exist in the firmware update driver version 2.3 module, which has been in use since 2009.

Owners of Dell devices were informed on Tuesday that a firmware update driver present on a large number of systems is affected by a series of high-severity vulnerabilities. Dell says the vulnerabilities, caused by insufficient access control issues, can be exploited by a local, authenticated attacker for privilege escalation, denial of service, or information disclosure.

A driver that's been pushed for the past 12 years to Dell computer devices for consumers and enterprises contains multiple vulnerabilities that could lead to increased privileges on the system. It is estimated that hundreds of millions of Dell computers, from desktops and laptops to tablets, received the vulnerable driver through BIOS updates.

The VMware Special Committee of independent directors and Dell Technologies have agreed to terms in which VMware will be spun-off from Dell Technologies. Dell Technologies stockholders will receive a pro-rata distribution of VMware shares held by Dell Technologies, and Michael Dell and Silver Lake Partners will own direct interests in VMware.

A team of researchers today unveiled two critical security vulnerabilities in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provider CyberMDX and reported to Dell in June 2020, affects all devices running ThinOS versions 8.6 and below.

Dell on Monday informed customers that updates released for some of its Wyse Thin Client products patch a couple of critical vulnerabilities that can be exploited remotely without authentication to compromise devices. Dell Wyse Thin Client is a small form-factor PC series that runs an operating system named ThinOS, which Dell advertises as "The most secure thin client operating system." According to CyberMDX, there are more than 6,000 organizations using these products, including many healthcare providers, in the U.S. alone.

Dell has patched two critical security vulnerabilities in its Dell Wyse Thin Client Devices, which are small form-factor computers optimized for connecting to a remote desktop. The bugs allow arbitrary code execution and the ability to access files and credentials, researchers said.

Dell, which pitches its Wyse ThinOS as "The most secure thin client operating system," plans to publish an advisory on Monday for two severe security vulnerabilities. The vulnerabilities, which affect all Dell Wyse Thin Clients running ThinOS versions 8.6 or earlier, allow more or less anyone to remotely run malicious code and to access arbitrary files on vulnerable devices.

Almost a dozen Dell Wyse thin client models are vulnerable to critical issues that could be exploited by a remote attacker to run malicious code and gain access to arbitrary files. It is estimated that more than 6,000 organizations, most of them from the healthcare sector, have deployed Dell Wyse thin clients on their networks.