Dell SupportAssist bugs put over 30 million PCs at risk

silversurfer

Security researchers have found four major security vulnerabilities in the BIOSConnect feature of Dell SupportAssist, allowing attackers to remotely execute code within the BIOS of impacted devices.

According to Dell's website, the SupportAssist software is "preinstalled on most Dell devices running Windows operating system," while BIOSConnect provides remote firmware update and OS recovery features.

The chain of flaws discovered by Eclypsium researchers comes with a CVSS base score of 8.3/10 and enables privileged remote attackers to impersonate Dell.com and take control of the target device's boot process to break OS-level security controls.

"Such an attack would enable adversaries to control the device's boot process and subvert the operating system and higher-layer security controls," Eclypsium researchers explain in a report shared in advance with BleepingComputer.

"The issue affects 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs," with roughly 30 million individual devices exposed to attacks.
Additional info on the vulnerabilities can be found in Eclypsium's report and the complete list of affected device models in Dell's advisory.
 

The_King

I get Deja Vu vibes from this post. I'm sure something similar to this happened to Dell with their Desktops and Laptops last month.

Edit: This was a Dell driver bug posted last month.
 

Balrog

I am just setting up a Dell laptop for a customer and the first thing I do is remove all the "utilities". But it is not the only case: HP, Lenovo, Acer, etc. include a lot of garbage.
 

blackice

The sky is falling!!!!!

Wait…they already have a remediation and these aren’t easy exploits? Another day another patch.
 

Gandalf_The_Grey

Dell BIOS flaw affected 30 million Windows devices; Download fix today!
It is not often that we come across system-level flaws that affect millions of devices. However, Dell found itself in a situation where a BIOS-related vulnerability enabled unauthorized remote access, impacting more than 30 million devices.

More importantly, this vulnerability was seen on 100+ models of Dell computers with the BIOSConnect feature. A few months after the discovery, Dell has released its patches to the BIOSConnect part, shutting down the backdoor for unauthorized access. Dell has requested users to install this patch update as soon as it is available for download.

The researchers at Eclypsium came across the issue on March 2, 2021. They had also notified Dell about the massive problem on March 3, 2021. The researchers had added that the vulnerability could be used to alter the initial state of an OS, including the destruction of security-based control. Since BIOSConnect included an option for remote control access to the devices, a patch on the code left room that hackers can exploit.

In more than 30 million affected devices, hackers could have exploited the vulnerability and gained OS-level access with admin privileges. We must keep in mind that BIOSConnect was designed to enable support staff to update the OS firmware and other hardware drivers through remote access. It was a feature aimed at the system admins in organizations that handle multiple systems.

The bigger problem with the flaw is that it can affect some of the recently launched laptops. Popular devices like Alienware m15 R6 and Dell Latitude 7320 are also under the problem. If you own any of these devices — or other Dell desktops or laptops, for that matter — you should install the patch as soon as possible.

This is not the first time Dell has come under scrutiny for the lack of proper security measures. The Support-based features, in particular, had caused problems in the beginning, forcing the manufacturer to roll out patches in the same way. Download the patch today!
 