Dell Devices at Risk for Remote BIOS Attacks
7/07/2021

Security researchers at Eclypsium have discovered a series of four high-severity vulnerabilities that can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices. The bugs affect 129 models of laptops, tablets and desktops, including enterprise and consumer devices, that are protected by Secure Boot, a security standard aimed at making sure that a device boots using only software that is trusted by the device's original equipment manufacturer (OEM), to prevent rogue takeovers.

OVERVIEW

▪ Security researchers at Eclypsium have discovered a series of four high-severity vulnerabilities that can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices.

▪ They are estimated to impact 30 million individual Dell endpoints worldwide.

▪ The bugs affect 129 models of laptops, tablets and desktops, including enterprise and consumer devices, that are protected by Secure Boot, a security standard aimed at making sure that a device boots using only software that is trusted by the device's original equipment manufacturer (OEM), to prevent rogue takeovers.

▪ The bugs allow privileged network adversaries to circumvent Secure Boot protections, control the device’s boot process, and subvert the operating system and higher-layer security controls.

▪ They carry a cumulative CVSS score of 8.3.

▪ Dell has started to push out BIOS patches for all of the affected systems, with most updates already in progress and others to follow in July, according to its security advisory DSA-2021-106, released yesterday.

▪ It is advisable to run the BIOS update executable from the OS after manually checking the hashes against those published by Dell, rather than relying on BIOSConnect to apply BIOS updates.
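
One way to perform the manual hash check recommended above, as an added example that is not part of the original brief or of Dell's tooling. It assumes the published value is a SHA-256 digest copied from Dell's download page; the file name and sample contents are constructed placeholders.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

SHA256_HEX_LEN = 64  # hex characters in a SHA-256 digest


def normalize_published_digest(text: str) -> str:
    """Clean a digest pasted from a web page: drop whitespace, separators, case."""
    digest = "".join(text.split()).replace(":", "").replace("-", "").lower()
    if len(digest) != SHA256_HEX_LEN or any(c not in "0123456789abcdef" for c in digest):
        # MD5 (32) and SHA-1 (40) values land here: neither resists collisions,
        # so they are rejected rather than silently accepted.
        raise ValueError("expected a 64-character SHA-256 hex digest")
    return digest


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so large firmware images are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_update(path: Path, published_digest: str) -> bool:
    """True only if the file's SHA-256 equals the published value."""
    expected = normalize_published_digest(published_digest)
    return hmac.compare_digest(sha256_of_file(path), expected)


def demo() -> tuple[bool, bool]:
    """Constructed sample: a stand-in file, then the same file altered by one byte."""
    with tempfile.TemporaryDirectory() as d:
        update = Path(d) / "bios_update_placeholder.exe"  # hypothetical file name
        update.write_bytes(b"constructed sample payload, not a real BIOS image")
        published = sha256_of_file(update).upper()  # stands in for the vendor's value
        ok = verify_update(update, f"  {published}\n")
        update.write_bytes(b"constructed sample payload, not a real BIOS imagE")
        tampered = verify_update(update, published)
    return ok, tampered


if __name__ == "__main__":
    print(demo())
```

Run the update executable only when `verify_update` returns `True`, and copy the published digest from the vendor's site in a separate session from the one used to download the file.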
