Dell kbox exploit is out in the wild and probably being hammered on
It looks like the Dell Kace folks could use a talking to from the Dell Secureworks folks.
My recommendation (changed 3-12 after taking the time to look at the source code)
1. Disable ports 80 and 443 in a manner you choose
2. Instruct users to submit tickets using email and respond with email
3. wait for the patch, install it with some very careful firewall rules in place and get back to work
Got this email from Dell a little while ago:
Dear KACE user,
We have identified a security vulnerability in the Dell KACE K1000 Appliance that needs to be addressed immediately.
Dell acknowledges the vulnerabilities detailed at http://www.itwire.com/opinion-
Dell will be addressing all of these issues in a hotfix for v5.4 SP1, v5.5 and in future releases of the K1000.
In the meantime, Dell recommends that K1000 customers take the following steps to reduce the risks associated with these issues. Firstly, all customers with KACE K1000 appliances that are exposed to the Internet should shut down all inbound ports and ensure that the K1000 is not accessible from the Internet. Secondly, all customers should update to the latest available K1000 release, v5.5 that includes a variety of security improvements over prior releases. Lastly, customers should apply the hotfix when it becomes available.
Information on Dell KACE hotfixes can be found at: http://www.kace.com/support/