30M Dell Devices at Risk for Remote BIOS Attacks, RCE
A faulty update mechanism has left an estimated 30 million individual Dell endpoints worldwide at risk, according to an analysis by Eclypsium. Dell is currently facing four separate security bugs that would give attackers almost complete control and persistence over targeted devices by allowing remote adversaries to gain arbitrary code execution in the pre-boot environment. Affected devices include both enterprise and consumer devices that are protected by Secure Boot, a security standard ensuring that a device boots using software that is trusted by the device’s original equipment manufacturer.
However, the bugs allow privileged network adversaries to circumvent these protections and override the device’s boot process. An attacker could leverage the vulnerabilities to subvert the operating system and higher-layer security controls, according to Eclypsium. The vulnerabilities have a cumulative CVSS score of 8.3 out of 10. The issues affect the BIOSConnect feature within Dell SupportAssist. BIOSConnect is used to perform remote OS recoveries or to update firmware on the device.