Last week Dell has released the Maintenance Release 8 of ThinOS 8.6 build 8.6_606.
Feature Updates:
- Security review and updates including mitigation for Dell Security Advisory DSA-2020-281
- Customer defect resolution updates outlined in the ThinOS Release Notes
Supported Platforms:
- Wyse 3040 Thin Clients with ThinOS or ThinOS with PCoIP
- Wyse 5010 Thin Clients with ThinOS or ThinOS with PCoIP
- Wyse 5040 All-In-One Thin Clients with ThinOS or ThinOS with PCoIP
- Wyse 5060 Thin Clients with ThinOS or ThinOS with PCoIP
- Wyse 5070 Thin Clients with ThinOS or ThinOS with PCoIP
- Wyse 5470 Mobile Thin Clients with ThinOS or ThinOS with PCoIP
- Wyse 5470 All-In-One Thin Clients with ThinOS or ThinOS with PCoIP
- Wyse 7010 Thin Clients with ThinOS
Security Advisory DSA-2020-281 Summary:
The CyberMDX Research Team has reported a vulnerability that affects ThinOS 8.6 clients receiving configurations from an unsecure file server using read/write access, ftp or http protocol, or anonymous passwords. This exploit allowed device configurations to be altered, but does not allow execution of malicious code on the Wyse client, or alter of ThinOS client operating system or partner components. In addition, this vulnerability does not impact Wyse clients running ThinOS 9, ThinLinux, Ubuntu Linux with Dell Hybrid Clients or Window IoTE operating systems, and does not impact ThinOS 8.6 clients receiving configuration from a secure file server (https) or Wyse Management Suite. Additional information can be found in the Dell Security Advisory.
ThinOS 8.6 customers are encouraged to upgrade to ThinOS 8.6 MR8 and customers impacted by DSA-2020-281 should address this vulnerability by taking one of the following actions:
- Secure the file server (https protocol, read access, without anonymous access)
- Replace the file server with Wyse Management Suite
- Upgrade eligible clients free of charge to ThinOS 9