Approximately 130 Dell computer models can be targeted with an attack that allows hackers to compromise their operating system and take control of their security systems. Millions of users can be victims.
Eclypsium security researchers sounded the alarm this week. A combination of flaws in the BIOSConnect feature of Dell SupportAssist, a module typically installed in Dell desktops, laptops, and tablets, can give hackers the opportunity to control the boot process of these computers and give them complete freedom to control the highest levels of security.
patches available
Dell SupportAssist handles system recovery, troubleshooting, and comprehensive support functions. BIOSConnect is part of this software, it is used to update the computer firmware and recover the computer operating system version. Two things go hand in hand, and they are usually found on Dell machines with Windows.
These two components communicate via the US manufacturer’s cloud. Eclypsium researchers have identified four vulnerabilities that, when exploited together, provide a means to execute arbitrary code in the BIOS of affected computers. Suffice it to say that it is a serious flaw, it is also rated 8.3 on the Common Vulnerability System (CVSS) scale.
And that’s not all: Three additional vulnerabilities were found by Eclypsium as well. Two of them affect the recovery of the operating system, and the last one reaches the firmware update system. Dell quickly responded by posting fixes For BIOS / UEFI computers that can be victims of these attacks. These updates have been available since June 24th.
“Certified gamer. Problem solver. Internet enthusiast. Twitter scholar. Infuriatingly humble alcohol geek. Tv guru.”