Security researchers at Eclypsium have found four serious security vulnerabilities in the BIOSConnect feature of Dell SupportAssist, which allow attackers to execute code remotely within the BIOS of affected devices.
According to Dell's site, the SupportAssist software comes pre-installed on most Dell devices running Windows, while BIOSConnect provides remote firmware updates and operating system recovery features.
The vulnerabilities have received a CVSS severity score of 8.3/10. Chained together, they allow a remote attacker who can intercept the device's network traffic to impersonate Dell.com and take control of the target device's boot process, bypassing the security controls of the operating system.
The vulnerabilities affect 129 models of Dell laptops, desktops and tablets, including devices protected by Secure Boot and Dell Secured-core PCs; around 30 million devices are exposed.
The researchers identified one vulnerability that results in an insecure TLS connection from the Dell BIOS (tracked as CVE-2021-21571) and three overflow vulnerabilities (tracked as CVE-2021-21572, CVE-2021-21573 and CVE-2021-21574).
Eclypsium noted that two of the overflow vulnerabilities affect the operating system recovery process, while the third affects the firmware update process. It added that all three are independent and that each on its own could lead to arbitrary code execution in the BIOS.
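The "insecure TLS connection" that lets an attacker impersonate Dell.com comes down to what the client checks before trusting the server. Eclypsium's write-up reported that BIOSConnect accepted any valid wildcard certificate, that is, it checked that the certificate chained to a trusted CA but did not bind it to the expected host name. The following Python is an added illustration, not code from Eclypsium, Dell or the BIOSConnect implementation: it contrasts that weak policy with a strict one that also enforces RFC 6125-style host name matching. The trust store (`TRUSTED_CAS`), the update host name (`UPDATE_HOST`) and the certificates are constructed sample values, not Dell's real infrastructure.

```python
"""Added example (not from Eclypsium or Dell): why "the certificate is valid"
is not enough for a firmware-update client. weak_accept() takes any certificate
that chains to a trusted CA; strict_accept() additionally binds the certificate
to the expected host name. All inputs below are constructed sample data."""

from dataclasses import dataclass, field

TRUSTED_CAS = {"ExampleRoot CA"}        # assumed trust store for the example
UPDATE_HOST = "downloads.dell.com"      # assumed update host name for the example


@dataclass
class Cert:
    """Minimal stand-in for an X.509 leaf certificate."""
    subject_cn: str
    issuer: str
    sans: list = field(default_factory=list)   # DNS subjectAltNames
    expired: bool = False


def chains_to_trusted_ca(cert: Cert) -> bool:
    """Stand-in for chain validation: issued by a trusted CA and not expired."""
    return cert.issuer in TRUSTED_CAS and not cert.expired


def hostname_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style matching: a wildcard is only accepted as the whole
    leftmost label, matches exactly one label, and must leave at least two
    fixed labels ('*.com' never matches)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False
    if p_labels[0] != "*":
        return False   # partial wildcards such as 'd*.dell.com' are rejected
    return p_labels[1:] == h_labels[1:]


def weak_accept(cert: Cert, expected_host: str) -> bool:
    """Flawed policy: any certificate from a trusted CA is accepted, so a
    wildcard certificate legitimately issued for a different domain passes."""
    return chains_to_trusted_ca(cert)


def strict_accept(cert: Cert, expected_host: str) -> bool:
    """Correct policy: chain validation AND name binding to the update host.
    SANs take precedence over the CN, which is only consulted when no SAN exists."""
    if not chains_to_trusted_ca(cert):
        return False
    names = cert.sans or [cert.subject_cn]
    return any(hostname_matches(name, expected_host) for name in names)


# Constructed sample certificates, all as a man-in-the-middle might present them.
LEGIT = Cert("downloads.dell.com", "ExampleRoot CA",
             ["downloads.dell.com", "*.dell.com"])
ATTACKER_WILDCARD = Cert("*.attacker.example", "ExampleRoot CA",
                         ["*.attacker.example"])   # genuinely valid, wrong domain
EXPIRED = Cert("downloads.dell.com", "ExampleRoot CA",
               ["downloads.dell.com"], expired=True)
SELF_SIGNED = Cert("downloads.dell.com", "downloads.dell.com",
                   ["downloads.dell.com"])


def evaluate(cert: Cert, host: str = UPDATE_HOST) -> dict:
    """Return both verdicts so the difference between the policies is visible."""
    return {"weak": weak_accept(cert, host), "strict": strict_accept(cert, host)}


if __name__ == "__main__":
    samples = [("legit", LEGIT), ("attacker-wildcard", ATTACKER_WILDCARD),
               ("expired", EXPIRED), ("self-signed", SELF_SIGNED)]
    for label, cert in samples:
        print(f"{label:18} {evaluate(cert)}")
```

The attacker's wildcard certificate is the interesting row: it is a perfectly valid certificate, just not for the host the BIOS meant to talk to, and only the strict policy rejects it. A firmware-update client should also verify a signature on the downloaded payload itself rather than rely on transport security alone, so that a single TLS validation bug does not translate directly into code execution in the BIOS.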
Eclypsium advises users to update the BIOS/UEFI on all affected systems. The researchers also recommend applying BIOS updates through a method other than the SupportAssist BIOSConnect function.
Dell provides BIOS/UEFI updates for affected systems, as well as updates for the affected executables, at Dell.com.
For CVE-2021-21573 and CVE-2021-21574, customers do not need to take any additional action, as these were addressed on Dell's server side on May 28, 2021. CVE-2021-21571 and CVE-2021-21572, however, require Dell Client BIOS updates to be fully addressed.
Users who cannot update their systems immediately can disable BIOSConnect from the BIOS setup page or via Dell Command | Configure (DCC).
This is not the first time Dell PC owners have been exposed to attacks through vulnerabilities found in SupportAssist software.
In May 2019 the company fixed another high-severity remote code execution (RCE) vulnerability in SupportAssist, discovered in 2018 by security researcher Bill Demirkapi, which allowed attackers to run arbitrary executables on unpatched devices.
Security researcher Tom Forbes discovered a similar RCE flaw in the Dell System Detect software in 2015, which allowed attackers to execute arbitrary files without user interaction.
Last month, Dell patched a bug in the DBUtil driver, present on tens of millions of Dell devices, that allowed non-admin users to escalate to kernel privileges.
Source of information: bleepingcomputer.com