Dell SupportAssist bugs put over 30 million PCs at risk

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,154
Content source
https://www.bleepingcomputer.com/news/security/dell-supportassist-bugs-put-over-30-million-pcs-at-risk/
Security researchers have found four major security vulnerabilities in the BIOSConnect feature of Dell SupportAssist, allowing attackers to remotely execute code within the BIOS of impacted devices.

According to Dell's website, the SupportAssist software is "preinstalled on most Dell devices running Windows operating system," while BIOSConnect provides remote firmware update and OS recovery features.

The chain of flaws discovered by Eclypsium researchers comes with a CVSS base score of 8.3/10 and enables privileged remote attackers to impersonate Dell.com and take control of the target device's boot process to break OS-level security controls.

"Such an attack would enable adversaries to control the device's boot process and subvert the operating system and higher-layer security controls," Eclypsium researchers explain in a report shared in advance with BleepingComputer.

"The issue affects 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs," with roughly 30 million individual devices exposed to attacks.
Click to expand...
Additional info on the vulnerabilities can be found in Eclypsium's report and the complete list of affected device models in Dell's advisory.
Click to expand...
www.bleepingcomputer.com

Dell SupportAssist bugs put over 30 million PCs at risk

Security researchers have found four major security vulnerabilities in the BIOSConnect feature of Dell SupportAssist, allowing attackers to remotely execute code within the BIOS of impacted devices.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Wow
  • +Reputation
Reactions: Deletedmessiah, Venustus, Gandalf_The_Grey and 11 others
The_King

The_King

Level 12
Verified
Top Poster
Well-known
Aug 2, 2020
542
I get Deja Vu vibes from this post. I'm sure something similar to this happen to Dell with their Desktops and Laptops last month.

Edit: This was a Dell driver bug posted last month.
malwaretips.com

Vulnerable Dell driver puts hundreds of millions of systems at risk (fixed driver available from Dell)

A driver that’s been pushed for the past 12 years to Dell computer devices for consumers and enterprises contains multiple vulnerabilities that could lead to increased privileges on the system. It is estimated that hundreds of millions of Dell computers, from desktops and laptops to tablets...
malwaretips.com malwaretips.com
 
Last edited:
  • Like
  • +Reputation
  • Wow
Reactions: Venustus, Gandalf_The_Grey, ZeePriest and 4 others
B

Balrog

Level 6
Verified
May 5, 2015
264
I am just setting up a Dell laptop for a customer and the first thing I do is remove all the "utilities". But it is not the only case, HP, Lenovo, Acer, etc. include a lot of garbage.
 
  • Like
Reactions: Venustus
blackice

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,765
The sky is falling!!!!!

Wait…they already have a remediation and these aren’t easy exploits? Another day another patch.
 
  • Like
Reactions: Venustus
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,572
Dell BIOS flaw affected 30 million Windows devices; Download fix today!
It is not often that we come across system-level flaws that affect millions of devices. However, Dell found itself in a situation where a BIOS-related vulnerability enabled unauthorized remote access, impacting more than 30 million devices.

More importantly, this vulnerability was seen on 100+ models of Dell computers with the BIOSConnect feature. After a few months of the discovery, Dell has released its patches to the BIOSConnect part, shutting down the backdoor for unauthorized access. Dell has requested users to install this patch update as soon as it is available for download.

The researchers at Eclypsium came across the issue on March 2, 2021. They had also notified Dell about the massive problem on March 3, 2021. The researchers had added that the vulnerability could be used to alter the initial state of an OS, including the destruction of security-based control. Since BIOSConnect included an option for remote control access to the devices, a patch on the code left a room that hackers can exploit.

In more than 30 million affected devices, hackers could have exploited the vulnerability and gained OS-level access with admin privileges. We must keep in mind that BIOSConnect was designed to enable support staff to update the OS firmware and other hardware drivers through remote access. It was a feature aimed at the system admins in organizations that handle multiple systems.

The bigger problem with the flaw is that it can affect some of the recently launched laptops. Popular devices like Alienware m15 R6 and Dell Latitude 7320 are also under the problem. If you own any of these devices — or other Dell desktops or laptops, for that matter — you should install the patch as soon as possible.

This is not the first time Dell has come under scrutiny for the lack of proper security measures. The Support-based features, in particular, had caused problems in the beginning, forcing the manufacturer to roll out patches in the same way. Download the patch today!
Click to expand...
news.thewindowsclub.com

Dell BIOS flaw affected 30 million Windows devices; Download fix today!

Dell found itself in a situation where a BIOS flaw enabled unauthorized remote access, impacting more than 30 million devices.
news.thewindowsclub.com news.thewindowsclub.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: upnorth, The_King, mkoundo and 6 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
    • Thanks
Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto
Replies
1
Views
817
News Archive
TairikuOkami
TairikuOkami
[correlate]
    • Like
Exploit released for Juniper firewall bugs allowing RCE attacks
Replies
0
Views
816
News Archive
[correlate]
[correlate]
CyberTech
    • Like
    • Applause
HackerOne paid ethical hackers over $300 million in bug bounties
Replies
0
Views
584
News Archive
CyberTech
CyberTech

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top