Dell: Eclypsium researchers have discovered four security holes in the BIOSConnect feature of Dell SupportAssist, software preinstalled on most of the manufacturer's devices that run Windows. According to the researchers, the vulnerabilities allow attackers to take control of the device's boot process and bypass the protections of the operating system, a problem that affects about 30 million devices.
The 129 affected models identified by the researchers include consumer and business notebooks, tablets and desktop PCs. Even systems with Secure Boot enabled and Secured-core PCs, which combine hardware, firmware and software protections, are affected. The researchers also published details of each flaw.
One of the flaws is an insecure TLS connection from the BIOS to Dell's servers, exploitable by intercepting the traffic (CVE-2021-21571); the other three are buffer overflows (CVE-2021-21572, CVE-2021-21573 and CVE-2021-21574). Of the overflows, two affect the OS recovery process and the third the firmware update process.
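As an added illustration (not code from Dell, Eclypsium or the original article), the following shows the class of weakness behind an "insecure TLS connection exploitable by traffic interception": a client that does not validate the server certificate or the hostname, beside the corrected configuration, with a small audit helper that flags the weak settings. The update host name and the helper names are hypothetical; the page does not describe BIOSConnect's actual TLS logic.

```python
"""Weak vs. hardened TLS client configuration (added example, not Dell's code).

A firmware or update client that accepts any certificate, or validates the
chain but never checks that the certificate is for the host it dialled, can
be answered by an interceptor posing as the update server.
"""
import http.client
import ssl
from typing import List, Optional

UPDATE_HOST = "downloads.example.com"  # hypothetical update host, not Dell's


def insecure_context() -> ssl.SSLContext:
    """Weak configuration: any certificate (or none) is accepted.

    check_hostname must be switched off before verify_mode can be lowered;
    this is the pattern that leaves the connection open to interception.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Corrected configuration: chain validated against a trust store (the
    platform store, or the cafile passed in), hostname checked, and no
    protocol version below TLS 1.2 accepted."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the findings a reviewer would raise on a client-side context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not required/validated")
    if not ctx.check_hostname:
        # A chain-valid certificate for an unrelated name must still be rejected.
        findings.append("hostname not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    return findings


def fetch_manifest(path: str, ctx: ssl.SSLContext, host: str = UPDATE_HOST) -> bytes:
    """Where the context plugs in: an HTTPS GET of an update manifest.
    With hardened_context() a MITM without a valid certificate for `host`
    fails the handshake; with insecure_context() it is silently accepted.
    (Network call; hypothetical host, not run in the offline demo.)"""
    conn = http.client.HTTPSConnection(host, context=ctx, timeout=10)
    conn.request("GET", path)
    resp = conn.getresponse()
    try:
        return resp.read()
    finally:
        conn.close()


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()), ("hardened", hardened_context())):
        print(name, audit_context(ctx) or "no findings")
```

The audit helper is the check worth running against any update or recovery client you own: if verification is off or the hostname is not checked, the "secure" transport offers no protection against an attacker on the path, which is exactly what makes a pre-boot update channel attractive to hijack.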
Also according to Eclypsium, the three overflows are independent vulnerabilities, each of which can lead to arbitrary code execution in the BIOS. "This combination of remote exploit capabilities and high privileges will likely make remote update functionality an attractive target for attackers in the future, and organizations must monitor and update their devices accordingly," the firm warns.