An issue in Dell Foundation Service allows user tracking

Another bad day for Dell Inc. Their Dell Foundation Services version 2.3.3800.0A00 and below comes with a serious security issue. Dell Foundation Services can be exploited by a malicious website to leak the Dell service tag of a Dell system, which can be used for tracking purposes, or for social engineering.


Advertising

Site lizard HQ has released a Security Advisory: Dell Foundation Services Remote Information Disclosure a few days ago, adressing this issue.

Dell Foundation Services provides (according to Dell) “a core set of foundational services facilitating customer serviceability, messaging and support functions”. The Foundation Services known by its internal name “Tribbles” contains an issue in version 2.3.3800.0A00 and below. The software can be exploited by a malicious website to leak the Dell service tag of a Dell system. This Dell service tag can be used for tracking purposes, or for social engineering. Further details may be obtained from the article linked above. It’s recommended to update Dell Foundation Services as soon as possible.

Similar articles
Microsoft Security-Advisory 3119884 (Dell root certificates)
Dell’s Superfish 2: Devices shipped with cloneable Root certificate


Advertising
This entry was posted in Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *