DSA-2020-281: Dell Wyse ThinOS 8.6 Security Update for Insecure Default Configuration Vulnerabilities

As more and more articles are popping up about the “security issue”, I thought it would be good to give you some insights about it.

Prof. Gil David and Elad Luz of CyberMDX reported two vulnerabilities (CVE-2020-29491 and CVE-2020-29492) to Dell some days ago and Dell took immediate action by releasing ThinOS 8.6 MR8, which fixes these vulnerabilities.

So far so good. However, is this really such a big security issue? Should you hurry and update all clients to be safe again?

This depends on how you are managing your ThinOS clients. If you are still using a standard FTP or HTTP server with anonymous access and read/write permissions then the clear answer is YES. Run boy, run!

But if you are using any kind of SSL encryption, for example the HTTPS protocol, without write permissions to the WNOS share, then you are safe.
The same applies if you are already using Wyse Management Suite (WMS) for managing your Thin Clients.

Conclusion: In my opinion, this is a valid security issue to point out. However, Dell never recommended using plain FTP with anonymous access and full permission. Every administrator should know that this would leave all doors wide open for every hacker.
Therefore, Dell has long recommended relying on HTTPS or even WMS.

ThinLinux 2.2 Maintenance Release 4

Today Dell released the last update of ThinLinux 2.2, called MR4. With ThinLinux going EoML on January 31, 2021, this is the last release for ThinLinux, and customers are encouraged to evaluate and, if possible, transition to Dell Hybrid Client devices.

Changes/Features

  • Ubuntu 16.04 OS updates
  • Citrix Workspace App for Linux v20.06
  • Citrix RTME 2.9
  • VMware Horizon Client 2006
  • Firefox ESR 68.11
  • Google Chrome 83
  • Vulnerability fixes including:
    • Intel Bluetooth vulnerability fix
  • Multiple fixes to address customer reported issues. 

Supported Platforms

  • Wyse 3040 Thin Clients with ThinLinux 2.2
  • Wyse 5070 Thin Clients with ThinLinux 2.2
  • Wyse 5470 Mobile Thin Clients with ThinLinux 2.2

ThinLinux 2.x for Wyse Thin Clients Transition

Overview: What’s happening?

Dell’s ThinLinux 2.x operating system will go End of Marketing Life on January 31, 2021, and End of Service Support on April 30, 2021. Current ThinLinux 2.x customers with Wyse 3040, 5070, and 5470 thin client endpoints can expect the following:  

Available Options:

Wyse 5070 – Dell Hybrid Client (DHC) conversion kit is available to migrate customers to Dell Hybrid Client (DHC) 1.1.

This option is scheduled to be released 8th of December 2020 and is based on Ubuntu Linux 18.04. Subsequent releases of DHC will be based on Ubuntu 20.04.

ThinLinux customers with Wyse 5070 configurations with 16 GB eMMC and 4 GB RAM will only be able to migrate to DHC 1.1. Due to minimum configuration requirements for DHC 1.5 with Ubuntu 20.04 of 32 GB storage, customers with 16 GB eMMC will not be able to receive upgrades beyond DHC 1.1.

Ubuntu 18.04 will go EoML in April 2023.

DHC is offered as a subscription service managed with Wyse Management Suite (WMS) Pro for DHC.

There is no migration path for Wyse 3040 and 5470 mobile thin client.

Wyse Management Suite 3.1 release

I am excited to announce that the new Wyse Management Suite 3.1 is about to be released.

The public cloud update for customers with a US1 subscription will begin on Friday, December 4th, at 7:00 pm PT and is expected to last 8 hours.

Customers using Wyse Management Suite Pro Cloud with EU1 subscriptions should expect it to be unavailable for 8 hours on Saturday, December 11th, 2020 from 4:00 am to 12:00 pm CET.

During this time, the portal will be unavailable and users will be redirected to a maintenance page. There may also be brief periods when the maintenance page is unreachable. However, this will not affect the Thin Clients’ ability to connect to their computing environments.

Customers using the on-prem version can download the WMS 3.1 version here from December 4th, 2020.

What’s new in WMS 3.1

Wyse ThinOS 8.6 Maintenance Release 7 is now available

This week Dell released the next update for ThinOS 8. It is version 8.6_511 or the so-called Maintenance Release 7.
Actually, this release wasn’t planned to be released this early. However, because of the bug that PCoIP no longer worked after upgrading to 8.6_412, the code was released earlier.
Also worth noting is that this release is only for 3040, 5010, 5040, 5060, 5070, 5470, and 7010.
Support for older units like 3010, 3020, 3030 was removed.

Feature Updates:

Brand new product released – Dell Hybrid Client 1.0

What’s DHC 1.0

  • Dell Hybrid Client (DHC) is the world’s first client computing software with hybrid cloud management enabling seamless access to applications and data whether they are in the cloud, in the data center, or locally in a ready to deploy flexible commercial desktop solution
  • Complete commercial client solution with OptiPlex 7070 Ultra or Wyse 5070 configured with 1- or 3-year subscription to Dell Hybrid Client, including Wyse Management Suite Pro seat license and ProSupport for Software
  • Ideal commercial client solution for customers interested in a non-Windows alternative with out-of-the box support for Cloud, VDI, on-premise and local resources

Key Features for DHC 1.0

Instant Access: A single management interface and single sign-on provide the ability for employees to access the necessary apps and data to get to work quickly, regardless of where they are hosted. IT admins gain the ability to manage multiple environments from a single pane of glass.

Consistent Experience: With the Follow-me experience, users get a consistent personalized experience no matter the device they log in from.

Performance: With cloud delivered applications executed locally, Dell Hybrid Client leverages the power of Dell hardware devices for a better user experience.

Simplified Workflow: Users have convenient access to an array of web applications, virtual applications and storage locations. With global file search, information is easily found and workflow is never interrupted.

Security: Dell Hybrid Client protects user and company data, whether it be stored on a public or private cloud, through system lock down, browser security and peripheral restriction.