Windows users advised to uninstall Dropbox

Honey · 12-25-2019, 03:55 PM

So recently a zero day vulnerability has been found in the dropbox app, though I know this sub is for VPS protection but I figured there might be people who are using their VPS with windows installed as a data uploader, and might have the app installed, this is a fair warning to you guys.

Here's an excerpt from Forbes article,

Code: (Select All)

Security researchers have disclosed a zero-day vulnerability in Dropbox for Windows that can enable an attacker to attain Windows SYSTEM privileges from a starting point of a simple Windows user. 



Two security researchers, Chris and another known as Decoder, first unearthed the vulnerability in September, informing Dropbox on September 18. At that time, they apparently told Dropbox that it would have 90 days to fix the issue before they disclosed it publicly. The 90 days passed without that fix, so here we are.

For further details, please visit here

https://www.forbes.com/sites/daveywinder...6364462089

**xdude** · 12-25-2019, 04:38 PM

Thanks for the heads up. I don't use it currently but I used dropbox for getting my Server backs from the Widnow VPS. But I need to re-check my both Windows VPS just to make sure. I wonder why they couldn't fix it in 90 days. Not something expect from a welknown service provider like DropBox.

**Sn1F3rt** · 12-26-2019, 08:47 AM

Thanks @Honey. I'm myself a Dropbox user on Windows, so gotta let go off the application for now.

90 days was a pretty long time for the fix. Dunno why they couldn't do it. And as @xdude said, that's not what we'd expect from a well-known provider like Dropbox.

Honey · 12-26-2019, 09:53 AM

(12-26-2019, 08:47 AM)sohamb03 Wrote: Thanks @Honey. I'm myself a Dropbox user on Windows, so gotta let go off the application for now.

90 days was a pretty long time for the fix. Dunno why they couldn't do it. And as @xdude said, that's not what we'd expect from a well-known provider like Dropbox.

Well technically isnt Dropbox owned by Microsoft now? Shouldn't they be blamed for this mishap now?

**Mashiro** · 12-26-2019, 10:55 AM

@Honey

Dropbox was always and is still owned by Dropbox Inc. Microsoft owns and operates a direct competitor called OneDrive. One company being responsible for the mishap(s) of another company... I doubt that.

Don't take it as a surprise but many companies ignore security holes for a long time. It's almost always too late because they only fix it after getting high pressure from all the news articles and etc. once the security hole has been published there. Too late.

Acting surprise about such stuff not being fixed nowadays? Like you're on the Internet and using a computer for the first time?

**xdude** · 12-26-2019, 12:00 PM

Yeah it is a surprise, specially in age of internet. Now it's normal for Version based software not getting patched up. For example Winodws they always focus on next version than the old version which they won't get any profit anymore. This often happens in smaller companies but yeah larger companies ignore these when it's too complicated to fix or financially not feasible. But today Internet makes new travel fast so service providing company Dropbox could loose premium users by something like this.

Anyway after reading more about this I realised its not something easy to exploit. You do need to have local user access to exploit this vulnerability. I guess, maybe that's why they didn't bother about. I mean if local user access is compromised Dropbox is least of your nightmares.

chanalku91 · 12-26-2019, 01:10 PM

Useful information
Thank you for the info!
I will share it on Line & Whatsapp

I have never used Dropbox on my computer because Google is cheaper and faster!

Honey · 12-27-2019, 07:51 AM

(12-26-2019, 10:55 AM)Hidden Refuge Wrote: @Honey

Dropbox was always and is still owned by Dropbox Inc. Microsoft owns and operates a direct competitor called OneDrive. One company being responsible for the mishap(s) of another company... I doubt that.

Don't take it as a surprise but many companies ignore security holes for a long time. It's almost always too late because they only fix it after getting high pressure from all the news articles and etc. once the security hole has been published there. Too late.

Acting surprise about such stuff not being fixed nowadays? Like you're on the Internet and using a computer for the first time?

Oh dear, for some reason I distinctly remembered Microsoft purchasing Dropbox xD (some Mandela effect perhaps lol)

Well yeah you're right, but I figured It'd be better to warn you guys

**tryp4vps** · 12-27-2019, 10:31 AM

Thanks for sharing the information.

I am a Dropbox user but I use it on Ubuntu instead. It seems the problem exists on Windows only and so I am bit relaxed.

humanpuff69 · 12-28-2019, 02:49 AM

dropbox known about the issue but didnt fix it . so relying on newer version or update isnt a soultion . the best one is to uninstall it because of the vulnerability or wait for unofficial patch which sometime happen

90 days is a lot for fixing a vulnerability . espescially if they have the poc for the vulnerability and it will save people from the exploit and also save the market share of the application by fixing it and no uninstall required

for alternative you can use the website instead . or a competition

Login

Options

Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting