Security News

Dell SupportAssist contained RCE flaw allowing miscreants to remotely reflash your BIOS with code of their creation
2021-06-25 17:45

A chain of four vulnerabilities in Dell's SupportAssist remote firmware update utility could let malicious people run arbitrary code in no fewer than 129 different PC and laptop models - while impersonating Dell to remotely upload a tampered BIOS. A remote BIOS reflasher built into a pre-installed Dell support tool, SupportAssist, would accept "any valid wildcard certificate" from a pre-defined list of certificate authorities, giving attackers a vital foothold deep inside targeted machines - though Dell insists the exploit is only viable if a logged-in user runs the SupportAssist utility and in combination with a man-in-the-middle attack. Updates for SupportAssist are available from Dell to mitigate the vulns, which infosec firm Eclypsium reckons affect about 30 million laptops and PCs. The company, which blogged about the vulns, said: "Such code may alter the initial state of an operating system, violating common assumptions on the hardware/firmware layers and breaking OS-level security controls."

Eclypsium: BIOSConnect Flaws Haunt Millions of Dell Computers
2021-06-24 20:22

Security researchers at Eclypsium have figured out a way to exploit a set of high-severity vulnerabilities that expose millions of Dell computers to stealthy hacker attacks. In all, Dell shipped patches for at least four documented CVEs credited to Eclypsium researchers Mickey Shkatov and Jesse Michael.

BIOS Disconnect: New High-Severity Bugs Affect 128 Dell PC and Tablet Models
2021-06-24 20:04

Cybersecurity researchers on Thursday disclosed a chain of vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS that could be abused by a privileged network adversary to gain arbitrary code execution at the BIOS/UEFI level of the affected device. In all, the flaws affect 128 Dell models spanning across consumer and business laptops, desktops, and tablets, totalling an estimated 30 million individual devices.

Vulnerabilities in Dell computers allow RCE at the BIOS/UEFI level
2021-06-24 11:27

An estimated 30 million Dell computers are affected by several vulnerabilities that may enable an attacker to remotely execute code in the pre-boot environment, Eclypsium researchers have found. The vulnerabilities affect 128 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. The problem resides in the BIOSConnect feature of Dell SupportAssist, a solution that comes preinstalled on most Windows-based Dell machines and helps users troubleshoot and resolve hardware and software problems.

30M Dell Devices at Risk for Remote BIOS Attacks, RCE
2021-06-24 10:00

A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. When BIOSConnect attempts to connect to the backend Dell HTTP server to perform a remote update or recovery, it enables the system's BIOS to reach out to Dell backend services over the internet.

Dell SupportAssist bugs put over 30 million PCs at risk
2021-06-24 10:00

Security researchers have found four major security vulnerabilities in the BIOSConnect feature of Dell SupportAssist, allowing attackers to remotely execute code within the BIOS of impacted devices. According to Dell's website, the SupportAssist software is "preinstalled on most Dell devices running Windows operating system," while BIOSConnect provides remote firmware update and OS recovery features.

S3 Ep32: AirTag jailbreak, Dell vulns, and a never-ending scam [Podcast]
2021-05-13 18:07

Apple's brand new AirTag product got hacked already. Why Dell patched a bunch of driver bugs going back more than a decade.

Dell fixes exploitable holes in its own firmware update driver – patch now!
2021-05-05 18:18

If you are nervous about removing system files by hand, the company has published a download page with an automatic driver remover with the remarkable name of Dell-Security-Advisory-Update-DSA-2021-088 7PR57 WIN 1.0.0 A00.EXE. Unfortunately, just removing the old driver is not enough on its own, because the old firmware update utility left behind on your computer may inadvertently reinstall the buggy driver, thus reintroducing the bug. If you can't yet do step 2, remember to repeat step 1 every time that you run the old firmware updater, in case the update process itself quietly reinstalls the old driver.

BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide
2021-05-05 03:13

PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition. The issues, reported to Dell by researchers from SentinelOne on Dec. 1, 2020, reside in a firmware update driver named "dbutil_2_3.sys" that comes pre-installed on its devices.

'Millions' of Dell PCs will grant malware, rogue users admin-level access if asked nicely
2021-05-04 19:56

Dell desktops, laptops, and tablets built since 2009 and running Windows can be exploited to grant rogue users and malware system-administrator-level access to the computers. Essentially, Dell's driver accepts system calls from any user or program on a machine; there are no security checks nor an access control list to see if the caller is sufficiently authorized or privileged.