Tuesday, August 3, 2021
Home Technology Over 30 Million Dell Computers Carry Four ‘Severe’ Vulnerabilities

Over 30 Million Dell Computers Carry Four ‘Severe’ Vulnerabilities


Dell laptops, desktops, and tablets have four “severe” vulnerabilities that could let hackers take over the devices, affecting over 30 million computers. The company confirmed this and has released a patch for the vulnerability in its BIOSConnect feature. This is designed to enable remote recovery and firmware updates, but also left a door open to hackers. Dell has issued an advisory in response to the vulnerabilities and has started releasing patches for its BIOS available on all of the affected devices.

Security researchers at enterprise device security company Eclypsium discovered the vulnerabilities and researchers said that the issues affect as many as 129 types of Dell laptops, desktops, and tablets. This includes models that are meant specifically for enterprises and are protected by the Secure Boot security standard.

Dell has acknowledged the existence of all four vulnerabilities reported by the Eclypsium researchers. It has also started rolling out patches for BIOS that users can download upon their arrival. Meanwhile, the company has also advised users to disable BIOSConnect. A couple of workarounds for that have been provided on the company’s support page.

“These vulnerabilities enable an attacker to remotely execute code in the pre-boot environment. Such code may alter the initial state of an operating system, violating common assumptions on the hardware/ firmware layers and breaking OS-level security controls,” the researchers said. The vulnerabilities were discovered on March 2, and Dell was notified about them on March 3, according to Eclypsium.

BIOSConnect is a feature of Dell’s SupportAssist remote support system, and comes pre-installed on most Windows-based Dell computers. For companies, this lets them update the firmware and perform remote OS recovery for their employee’s laptops and computers. In theory, this should make the machines more secure as the enterprise is able to ensure that everyone’s computers are up to date.

Researchers however found that BIOSConnect itself opened the computers up to serious security threats. Of the four vulnerabilities discovered in the preloaded feature, one that is noted as CVE-2021-21571 allows insecure connections for firmware updates.

“When attempting to connect to the backend Dell HTTP server, the TLS connection from BIOSConnect will accept any valid wildcard certificate. This allows an attacker with a privileged network position to impersonate Dell and deliver attacker-controlled content back to the victim device,” the researchers explained.

The remaining three issues are classified as overflow vulnerabilities (CVE-2021-21572, CVE-2021-21573, CVE-2021-21574) that could help attackers execute arbitrary code. Two of them are found to be affecting the OS recovery process, while the other one impacts the process of updating the firmware. The researchers said that all three of these vulnerabilities are independent and any of them could be used to execute malicious code in BIOS.

Who all are affected by Dell’s BIOSConnect security vulnerability?

The list of affected devices that have started getting BIOS patches includes some recently launched laptops such as the Alienware m15 R6, Dell G5 15 5500, Dell G7 (7500), Dell Inspiron 13 (5310), and the Dell Latitude 7320. There are also recent desktop models such as the OptiPlex 7090 Tower, and the OptiPlex 7780 All-in-One.

This isn’t the first time Dell computers are found to be affected by security vulnerabilities. In May, Dell released a security patch for its firmware update driver module to fix as many as five high-severity flaws that had been in use since 2009. The SupportAssist tool also received a fix in 2019 for a critical flaw that had left millions of systems at risk of a privilege-escalation attack.




Source link

RELATED ARTICLES

4 Reasons you should buy an R4 karte

You can certainly do wonders with your Nintendo DS gaming console when you have the R4 karte available to be used with it. If...

For What Reason The Laptops Are Significant?

Innovation is progressing quickly in this day and age. PCs are turning out to be increasingly more significant these days - essentially...

Here’s Why You Should Choose LG Refrigerator To Keep Your Food Fresh

LG is one of the leading consumer durable brands in India, occupying about 30% share in the refrigerator market segment. LG refrigerators...

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

10 iPhone Applications for Business

The iPhone has created waves of techno style since it was first introduced. iPhone has been brilliantly designed, fast and has an overall functionality...

Top 6 Online Movie Streaming Sites That Are Popular in 2021

Today, internet speeds and streaming services have advanced to the point where we routinely watch our favourite movies online. Streaming has become...

10 Best Health Tips

Well -- they're simple, easy to do, cost you little or nothing, and they work! Because it's often hard to get started, most of...

Easy Birthday Gift For Daughter From Her Father

This is a universal fact, that the daughter is slightly more close to their father than their mother. Whether you see or...

Recent Comments