Another bad day for Dell Inc. Their Dell Foundation Services version 2.3.3800.0A00 and below comes with a serious security issue. Dell Foundation Services can be exploited by a malicious website to leak the Dell service tag of a Dell system, which can be used for tracking purposes, or for social engineering.
Advertising
Site lizard HQ has released a Security Advisory: Dell Foundation Services Remote Information Disclosure a few days ago, adressing this issue.
Dell Foundation Services provides (according to Dell) "a core set of foundational services facilitating customer serviceability, messaging and support functions". The Foundation Services known by its internal name "Tribbles" contains an issue in version 2.3.3800.0A00 and below. The software can be exploited by a malicious website to leak the Dell service tag of a Dell system. This Dell service tag can be used for tracking purposes, or for social engineering. Further details may be obtained from the article linked above. It's recommended to update Dell Foundation Services as soon as possible.
Similar articles
Microsoft Security-Advisory 3119884 (Dell root certificates)
Dell's Superfish 2: Devices shipped with cloneable Root certificate
Advertising