Dell SupportAssist bugs put over 30 million PCs at risk
2021-06-24 10:00

Security researchers have found four major security vulnerabilities in the BIOSConnect feature of Dell SupportAssist, allowing attackers to remotely execute code within the BIOS of impacted devices.

According to Dell's website, the SupportAssist software is "Preinstalled on most Dell devices running Windows operating system," while BIOSConnect provides remote firmware update and OS recovery features.

"The issue affects 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs," with roughly 30 million individual devices exposed to attacks.

Dell is providing BIOS/UEFI updates for impacted systems and updates to affected executables on Dell.com.

This is not the first time owners of Dell computers have been exposed to attacks by security vulnerabilities found in the SupportAssist software.

Last month, Dell also addressed a flaw that made it possible to escalate privileges from non-admin users to kernel privileges, a bug found in the DBUtil driver that ships with tens of millions of Dell devices.


News URL

https://www.bleepingcomputer.com/news/security/dell-supportassist-bugs-put-over-30-million-pcs-at-risk/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Dell 1678 29 437 430 109 1005