Software preinstalled on many Dell computers was revealed to be vulnerable to hackers because of the way it automatically executes code, whether safe or malicious.
The program, Dell System Detect, was flagged as potentially unwanted by antivirus software Malwarebytes.
Because Dell System Detect runs automatically, users without the right patches could see their computers infected with malware simply by visiting a rigged site with the string “dell” in its domain name.
“What this basically means is that anyone with a vulnerable version of the tool (which maintains persistence on the system and therefore is always running) might be directed by an attacker to a specific website designed to exploit the flaw in the program and execute any commands the attacker wishes,” Malwarebytes researcher Adam Kujawa wrote in a blog post Friday.
“This could potentially lead to malware being installed without user awareness, stolen credentials, damaged system configuration and more.”
Dell has released a series of updates in order to fix the security weakness, though the first one still left users vulnerable, according to Ars Technica. Most users have not yet downloaded the patch, the blog reported.