Security News

A team of researchers today unveiled two critical security vulnerabilities in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provider CyberMDX and reported to Dell in June 2020, affects all devices running ThinOS versions 8.6 and below.

Dell on Monday informed customers that updates released for some of its Wyse Thin Client products patch a couple of critical vulnerabilities that can be exploited remotely without authentication to compromise devices. Dell Wyse Thin Client is a small form-factor PC series that runs an operating system named ThinOS, which Dell advertises as "The most secure thin client operating system." According to CyberMDX, there are more than 6,000 organizations using these products, including many healthcare providers, in the U.S. alone.

Dell has patched two critical security vulnerabilities in its Dell Wyse Thin Client Devices, which are small form-factor computers optimized for connecting to a remote desktop. The bugs allow arbitrary code execution and the ability to access files and credentials, researchers said.

Dell, which pitches its Wyse ThinOS as "The most secure thin client operating system," plans to publish an advisory on Monday for two severe security vulnerabilities. The vulnerabilities, which affect all Dell Wyse Thin Clients running ThinOS versions 8.6 or earlier, allow more or less anyone to remotely run malicious code and to access arbitrary files on vulnerable devices.

Almost a dozen Dell Wyse thin client models are vulnerable to critical issues that could be exploited by a remote attacker to run malicious code and gain access to arbitrary files. It is estimated that more than 6,000 organizations, most of them from the healthcare sector, have deployed Dell Wyse thin clients on their networks.

By building security into its supply chain, services, infrastructure and devices, Dell Technologies helps customers lower risk and become more cyber resilient. "Security is the foundation of everything we do, and our intrinsic security approach addresses our customers' need for trusted technology and partners to help them fend off attacks and lower business risk."

Dell Technologies on Thursday announced new security offerings designed to address threats targeting the supply chain, a device's boot process, and sensitive data. For supply chain security, Dell unveiled SafeSupply Chain solutions.

Dell's Chief Security Officer John Scimone runs a converged security organization, which creates an unusually broad view of security risks. The security team at Dell also holds regular joint strategy and operational planning meetings that include physical and digital security professionals, resilience professionals and business unit security leaders.

Researchers have disclosed details of a recently patched, high-severity Dell PowerEdge server flaw, which if exploited could allow an attacker to fully take over and control server operations. The web vulnerability was found in the Dell EMC iDRAC remote access controller, technology embedded within the latest versions of Dell PowerEdge servers.

Dell Technologies' Global Data Protection Index 2020 Snapshot takes a closer look at the disruptions plaguing organizations around the globe. "Vulnerabilities, if not addressed, can do lasting damage to a company. Businesses must become more resilient, such as implementing air-gapped solutions that are physically disconnected while protecting their data, as cyber criminals continue to seize new opportunities to cause disruptions," said Nelson Hsu, director of data protection solutions marketing at Dell Technologies.