
Microsoft and Eclypsium lock horns over Dell SupportAssist flaws on secured-core PCs
2021-07-01 20:45

The Dell SupportAssist RCE furore has rumbled on after infosec outfit Eclypsium snapped back at Microsoft's statement on the matter.

The issue is a set of four vulnerabilities in Dell's SupportAssist remote firmware update utility that could have permitted arbitrary code to be run on a variety of PCs. The advisory was published last week, and Dell had worked with Eclypsium from March, well ahead of the public disclosure.

The problem, according to Eclypsium, is that the attack works on secured-core PCs and could impact user data.

According to Eclypsium, Microsoft denied that its System Guard firmware protection could be dodged through the method published, and told the infosec researcher: "The attack described in the published research circumvents protections provided by secure boot. However, Secured-core PCs go a step further and implement System Guard firmware protection which helps protect sensitive assets stored in virtualization-based security, like credentials, from attacks that take advantage of firmware vulnerabilities to bypass features like secure boot."

The Microsoft statement continued: "The threat model of secured-core assumes a compromised firmware such as the case presented here, and thus the attack as described would still be subject to security verification by the firmware protection features in secured-core."

John Loucaides, veep of R&D at Eclypsium, retorted, "The attack works on Dell PCs including secured-core PCs and affects user data. Microsoft's response is a strawman of our statements in order to divert attention from what we actually said."


News URL

https://go.theregister.com/feed/www.theregister.com/2021/07/01/microsoft_eclypsium_supportassist/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 680 809 4503 4180 3706 13198
Dell 1650 96 430 286 92 904