A flaw in the BIOS/UEFI of nearly 130 Dell computer models could allow an attacker to take control of the boot process and gain the highest security privileges.
Beware, once again, if you own a Dell computer. IT security company Eclypsium has identified security flaws linked to the BIOS of many of the brand's models. In all, 128 models of laptops, desktops and tablets are reported to be affected by these vulnerabilities. They even affect computers with the Secure Boot and Secured-Core protections found on the most secure models.
By exploiting the flaw in the BIOS/UEFI, an attacker could gain the highest privileges, controlling device startup and bypassing all security systems. In all, four vulnerabilities allow malicious code to be executed. These flaws are rated 8.3 on the Common Vulnerability Scoring System (CVSS) scale. All come from a program called SupportAssist, which is often enabled on Dell computers. It is used for everything related to support, troubleshooting and recovery. One of the critical flaws concerns a SupportAssist module called BiosConnect, which is used to update the PC's firmware.
BIOS/UEFI as an entry point
When BiosConnect tries to connect to Dell's main HTTP server, any valid certificate is accepted. An attacker can then very easily impersonate Dell and return code of their choice to the targeted machine. Two other vulnerabilities relate to the operating system recovery process, while the last is present in the firmware update mechanism.
In either case, an attacker could execute arbitrary code in the BIOS. These flaws were discovered on March 2 by Eclypsium, and Dell has since scheduled BIOS/UEFI updates for the affected systems. They came to light after the discovery of five other critical vulnerabilities, some of which dated back a dozen years and affected hundreds of millions of computers. Those, too, were quickly fixed by Dell.
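The certificate check described above, as an added illustration (not Dell's or Eclypsium's code): a client that accepts any certificate with a valid chain is set beside one that also requires the certificate to name the host it connected to. The host name, the `chain_ok` flag and the certificate records are constructed assumptions.

```python
# Added illustration, not Dell's or Eclypsium's code. Certificate records are
# constructed and follow the dict layout of ssl.SSLSocket.getpeercert().
# "chain_ok" is a hypothetical flag standing in for "chains to a trusted CA".

EXPECTED_HOST = "updates.vendor.example"  # placeholder, not a real Dell host


def dns_names(cert):
    """Return the DNS names listed in the certificate's subjectAltName."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_matches(pattern, host):
    """Exact match, or a leftmost '*' label that covers exactly one label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return bool(h[0]) and p[1:] == h[1:]
    return p == h


def weak_accept(cert):
    """Behaviour described in the article: any valid certificate passes."""
    return cert["chain_ok"]


def strict_accept(cert, host=EXPECTED_HOST):
    """Valid chain AND the certificate must be issued for the expected host."""
    return cert["chain_ok"] and any(name_matches(n, host) for n in dns_names(cert))


# Constructed sample certificates.
VENDOR = {"chain_ok": True, "subjectAltName": (("DNS", "*.vendor.example"),)}
OTHER = {"chain_ok": True, "subjectAltName": (("DNS", "www.unrelated.example"),)}
SELF_SIGNED = {"chain_ok": False, "subjectAltName": (("DNS", EXPECTED_HOST),)}

if __name__ == "__main__":
    samples = (("vendor", VENDOR), ("other", OTHER), ("self-signed", SELF_SIGNED))
    for label, cert in samples:
        print(f"{label:12} weak={weak_accept(cert)!s:5} strict={strict_accept(cert)}")
```

The `OTHER` record is the case that matters: it is a perfectly valid certificate for an unrelated name, so only the identity check separates it from the vendor's own.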
For security reasons, it is urgent to update your Dell computer
Article by Louis Neveu, published on 05/06/2021
Dell has released a patch to fix five critical 12-year-old security vulnerabilities. They affect hundreds of millions of the brand's computers across nearly 400 different models.
If you own a Dell computer, whatever its range, you need to apply the latest security patch made available by the manufacturer. It is a major fix that follows the discovery of five significant security flaws. They affect 380 models of the brand, including desktops, laptops and even the Alienware range for gamers.
Older models are also affected by these flaws and will accept this patch. Of these five flaws, four can lead to an elevation of privileges; in other words, the attacker obtains the permissions needed to modify the system and deploy malicious payloads as they see fit. The other flaw can cause a denial of service. The security company does not give more details on the methods that could be used, given the number of computers affected by this vulnerability.
Flaws dating back to 2009
These flaws were discovered by Kasif Dekel, a cybersecurity researcher at SentinelOne. He was investigating the security of the driver that handles firmware updates on hundreds of millions of Dell computers. This driver, in use since 2009, has had these five flaws since its inception. That is worrying, given that the brand is a major supplier of computers to businesses. Before being disclosed in a blog post a few days ago, these vulnerabilities were reported to Dell in early December. The brand has therefore taken care to produce a patch that closes all five flaws at once.
According to Dell, there is no evidence that this vulnerability has been exploited by attackers, which SentinelOne also confirms. It must be said that to carry out the attack, the attacker needs local access to the computer, which makes this kind of maneuver unlikely, even though the flaw dates back 12 years. In any case, the company urges users to apply the fix provided in security advisory DSA-2021-088.