Security News

Vulnerabilities in Dell computers allow RCE at the BIOS/UEFI level
2021-06-24 11:27

An estimated 30 million Dell computers are affected by several vulnerabilities that may enable an attacker to remotely execute code in the pre-boot environment, Eclypsium researchers have found. The vulnerabilities affect 128 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. The problem resides in the BIOSConnect feature of Dell SupportAssist, a solution that comes preinstalled on most Windows-based Dell machines and helps users troubleshoot and resolve hardware and software problems.

30M Dell Devices at Risk for Remote BIOS Attacks, RCE
2021-06-24 10:00

A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. When BIOSConnect attempts to connect to the backend Dell HTTP server to perform a remote update or recovery, it enables the system's BIOS to reach out to Dell backend services over the internet.

Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
2021-06-23 11:58

An unpatched stored cross-site-scripting security vulnerability affecting Linux marketplaces could allow unchecked, wormable supply-chain attacks, researchers have found. To boot, the PlingStore application is affected by an unpatched remote code-execution vulnerability, which researchers said can be triggered from any website while the app is running - allowing for drive-by attacks.

Google Patches Critical Android RCE Bug
2021-06-08 19:02

Google patched more than 90 security vulnerabilities in its Android operating system impacting its Pixel devices and third-party Android handsets, including a critical remote code-execution bug that could allow an attacker to commandeer a targeted vulnerable mobile device. The Android System component of the OS also has a second critical vulnerability, an elevation-of-privilege issue tracked as CVE-2021-0516.

ALERT: Critical RCE Bug in VMware vCenter Server Under Active Attack
2021-06-06 22:04

Malicious actors are actively mass scanning the internet for vulnerable VMware vCenter servers that are unpatched against a critical remote code execution flaw, which the company addressed late last month. "Mass scanning activity detected from 104.40.252.159 checking for VMware vSphere hosts vulnerable to remote code execution," tweeted Troy Mursch, chief research officer at Bad Packets.

VMware fixes critical vCenter Server RCE vulnerability, urges immediate action (CVE-2021-21985)
2021-05-26 09:30

VMware has patched two vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation and is urging administrators to implement the offered security updates as soon as possible. The first one would allow attackers to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server, while the second one may allow them to perform actions allowed by the impacted plug-ins - Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, VMware Cloud Director Availability - without authentication.

Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!
2021-05-25 21:57

VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server. VMware vCenter Server is a server management utility that's used to control virtual machines, ESXi hosts, and other dependent components from a single centralized location.

Pulse Secure VPNs Get Quick Fix for Critical RCE
2021-05-25 14:57

Pulse Secure has issued a workaround for a critical remote-code execution vulnerability in its Pulse Connect Secure VPNs that may allow an unauthenticated, remote attacker to execute code as a user with root privileges. Earlier this month, a critical zero-day flaw in Pulse Secure's Connect Secure VPN devices was being used by at least two advanced persistent threat groups, likely linked to China, to attack U.S. defense, finance and government targets, as well as victims in Europe.

Windows PoC Exploit Released for Wormable RCE
2021-05-19 14:35

A researcher has released a proof-of-concept exploit for CVE-2021-31166, a use-after-free, highly critical vulnerability in the HTTP protocol stack that could lead to wormable remote code execution. An exploit would allow RCE with kernel privileges or a denial-of-service attack.

Wormable Windows Bug Opens Door to DoS, RCE
2021-05-11 20:05

It's the smallest monthly update from the computing giant since 2020, but it does contain a patch for a concerning wormable vulnerability found in the Windows OS. The good news is that none of the vulnerabilities are being actively exploited in the wild, according to Microsoft, though three are listed as publicly known. CVE-2021-26419: A scripting-engine memory corruption vulnerability in Internet Explorer 11 and 9 allowing RCE. CVE-2021-31194: An RCE bug in the Microsoft Windows Object Linking and Embedding Automation.