The preloaded OEM (original equipment manufacturers) software update tools on selected personal computers might cause serious problems to the security features of the desktops.

Researchers from Duo Security found "remote code execution flaws" in support tools from Acer, ASUSTek, Lenovo, Dell, and HP. What does it mean? PC World stated that the computer system may be compromised as hackers will be able to "remotely execute code with system privileges."

The affected computers will not be able to encrypt the download update with the use of HHTP connections. As a result, the attackers can obstruct requests and can send malware viruses to the computers.

"During our research, we were often greeted by an intricate mess of system services, web services, COM servers, browser extensions, sockets, and named pipes," as stated on their website. "Many confusing design decisions made us wonder if projects were assembled entirely from poor StackOverflow posts."

So, what are the specific risks that the security systems are facing? The Register listed them down in layman's terms:

  • Dell - one high-risk vulnerability involving lack of certificate best practices, known as eDellRoot.
  • Hewlett Packard - two high-risk vulnerabilities that could have resulted in arbitrary code execution on affected systems. Five medium-to-low-risk vulnerabilities were also identified.
  • Asus - one high-risk vulnerability that allows for arbitrary code execution as well as one medium-severity local privilege-escalation flaw.
  • Acer - two high-risk vulnerabilities that allow for arbitrary code execution.
  • Lenovo - one high-risk vulnerability that allows for arbitrary code execution.

The companies are asked for a reply. But Dell was the only one who provided a statement and the rest are yet to address the issue.

They wrote that they are aware of the Duo Security report and they are in the midst of testing the affected tools as well. The company is also thankful about the report and said that the customer security will always be their top priority.

© Copyright 2024 Mobile & Apps, All rights reserved. Do not reproduce without permission.