Nearly 130 Dell computer models can be targeted by an attack that would allow hackers to subvert the operating system of these machines and control their security systems. Millions of users could be victims.
Eclypsium security researchers have sounded the alarm this week. A set of flaws in the BIOSConnect feature of Dell SupportAssist, a module typically installed in Dell desktops, laptops, and tablets, can give hackers the opportunity to control the boot process of these PCs and give them full freedom to control the highest levels of security.
Patches are available
Dell SupportAssist handles everything that is system recovery and troubleshooting, overall support functions. BIOSConnect is a part of this software, it is used to update the firmware of the computer and to retrieve the version of the operating system of the PC. Two elements that go hand in hand, and which are usually present on Dell machines equipped with Windows.
These two components communicate via the American manufacturer’s cloud. Eclypsium researchers have pinpointed four vulnerabilities which, when exploited together, provide a means of executing arbitrary code in the BIOS of affected PCs. Suffice to say that it is a serious flaw, it is also rated 8.3 on the Common Vulnerability Scoring System (CVSS) scale.
And that’s not all: three additional vulnerabilities were also found by Eclypsium. Two of them affect operating system recovery, the last hits the firmware update system. Dell responded quickly by releasing BIOS / UEFI fixes for PCs that could be victims of these attacks. These updates have been available since June 24.