Security News

Dell SupportAssist bugs put over 30 million PCs at risk
2021-06-24 10:00

Security researchers have found four major security vulnerabilities in the BIOSConnect feature of Dell SupportAssist, allowing attackers to remotely execute code within the BIOS of impacted devices. According to Dell's website, the SupportAssist software is "Preinstalled on most Dell devices running Windows operating system," while BIOSConnect provides remote firmware update and OS recovery features.

S3 Ep32: AirTag jailbreak, Dell vulns, and a never-ending scam [Podcast]
2021-05-13 18:07

Apple's brand new AirTag product got hacked already. Why Dell patched a bunch of driver bugs going back more than a decade.

Dell fixes exploitable holes in its own firmware update driver – patch now!
2021-05-05 18:18

If you are nervous about removing system files by hand, the company has published a download page with an automatic driver remover with the remarkable name of Dell-Security-Advisory-Update-DSA-2021-088 7PR57 WIN 1.0.0 A00.EXE. Unfortunately, just removing the old driver is not enough on its own, because the old firmare update utility left behind on your computer may inadvertently reinstall the buggy driver, thus reintroducing the bug. If you can't yet do step 2, remember to repeat step 1 every time that you run the old firmware updater, in case the update process itself quietly reinstalls the old driver.

BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide
2021-05-05 03:13

PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition. The issues, reported to Dell by researchers from SentinelOne on Dec. 1, 2020, reside in a firmware update driver named "Dbutil 2 3.sys" that comes pre-installed on its devices.

'Millions' of Dell PCs will grant malware, rogue users admin-level access if asked nicely
2021-05-04 19:56

Dell desktops, laptops, and tablets built since 2009 and running Windows can be exploited to grant rogue users and malware system-administrator-level access to the computers. Essentially, Dell's driver accepts system calls from any user or program on a machine; there are no security checks nor an access control list to see if the caller is sufficiently authorized or privileged.

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs
2021-05-04 16:07

Five high-severity security flaws in Dell's firmware update driver are impacting potentially hundreds of millions of Dell desktops, laptops, notebooks and tablets, researchers said. The multiple local privilege-escalation bugs exist in the firmware update driver version 2.3 module, which has been in use since 2009.

High-Severity Dell Driver Vulnerabilities Impact Hundreds of Millions of Devices
2021-05-04 15:10

Owners of Dell devices were informed on Tuesday that a firmware update driver present on a large number of systems is affected by a series of high-severity vulnerabilities. Dell says the vulnerabilities, caused by insufficient access control issues, can be exploited by a local, authenticated attacker for privilege escalation, denial of service, or information disclosure.

Vulnerable Dell driver puts hundreds of millions of systems at risk
2021-05-04 13:07

A driver that's been pushed for the past 12 years to Dell computer devices for consumers and enterprises contains multiple vulnerabilities that could lead to increased privileges on the system. It is estimated that hundreds of millions of Dell computers, from desktops and laptops to tablets, received the vulnerable driver through BIOS updates.

Dell Technologies to spin-off VMware, positioning it for further growth
2021-04-15 23:00

The VMware Special Committee of independent directors and Dell Technologies have agreed to terms in which VMware will be spun-off from Dell Technologies. Dell Technologies stockholders will receive a pro-rata distribution of VMware shares held by Dell Technologies, and Michael Dell and Silver Lake Partners will own direct interests in VMware.

Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices
2020-12-24 20:51

A team of researchers today unveiled two critical security vulnerabilities in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provider CyberMDX and reported to Dell in June 2020, affects all devices running ThinOS versions 8.6 and below.