Security News Pre-Installed Software Flaws Expose Dell Systems to Code Execution

[LASER_oneXM]

....a quote from the article:

Flaws in pre-installed software expose Dell systems to attacks that could result in the disabling of security mechanisms, privilege escalation, and arbitrary code execution within the context of the application user.
The vulnerable applications include the Dell Precision Optimizer application service software and Invincea-X and Invincea Dell Protected Workspace, Cisco Talos reveals in an advisory.

 

[tryfon]

It’s one thing to bundle a computer with junkware, but a complete other to bundle it with junkware that is a severe threat to anyone using the computer

 

[orthonovum]

Happens more often than people realize too I bought a Razer laptop and found an unquoted service path in the Qualcomm drivers and there are no updates (luckily this is easy to fix yourself without a driver update). At work I had a Logitech wireless keyboard and it also was using unquoted service paths... it is 2017 this type of thing should not happen anymore ffs.

Don't get me started on DLLs

 

[ForgottenSeer 58943]

It’s one thing to bundle a computer with junkware, but a complete other to bundle it with junkware that is a severe threat to anyone using the computer

Unfortunately these third party installs are a huge risk. One of the first things I do when I get a new laptop is to flatten it and fresh-install. Even then updates can sometimes re-install it. Voodooshield was blocking some background Lenovo crap on my wifes computer which I discovered was 'surveying' my network and running hidden Netsh commands every 15 minutes.. Talk about BS..

This isn't the first time Dell has put people at risk with their junkware/bloat.

 

[blueblackwow65]

Not surprised ,so much junk pre-installed on those laptops.

 

[ForgottenSeer 58943]

Not surprised ,so much junk pre-installed on those laptops.

HP is the worst.. Literally 20GB of trash on their laptops.. Wild Tagent, etc.. Horrible.. Simply flattening them and fresh-install makes them run 100% better.