HomeWinBuzzer NewsDell Issues Patch for BIOS Issue Affecting Millions of Windows PCs

Dell Issues Patch for BIOS Issue Affecting Millions of Windows PCs

Vulnerabilities in Dell BIOS software have left up to 30 million Windows laptops vulnerable to remote execution code attacks.

-

Recently, millions of Dell have been left vulnerable due to a bug in the company{s BIOS update software. Dell has now acknowledged the flaw and is rolling out a patch to affected machines, the company confirms.

Because of the vulnerability, threat actors could launch man in the middle attacks through remote execution code to infiltrate the BIOS. The problem was found by Eclypsium researchers, who said the flaw affects 129 Dell laptop models.

“Such an attack would enable adversaries to control the device's boot process and subvert the operating system and higher-layer security controls,” the security research company explains.

Those 129 models account for around 30 million units worldwide, covering Dell customers in consumer and enterprise. In other words, the potential for this bug to cause a lot of problems is obvious.

There is little users can do because the BIOSConnect feature that houses the vulnerability is preloaded on all Dell laptops as part of the company's SupportAssistant. Dell laptops running Windows have a TLS connection running between BIOS and Dell to make SupportAssistant useful.

Patch

However, this connection is insecure and found to have three vulnerabilities. If attackers could exploit the flaw, they would have access to a system and be able to change any software on the laptop.

Two of the vulnerabilities “affect the OS recovery process, while the other affects the firmware update process,” Eclypsium points out. “All three vulnerabilities are independent, and each one could lead to arbitrary code execution in BIOS.”

Dell's response to the report has seen the company this week roll out a fix, for what it calls a “High Impact” vulnerability. On its support page, Dell says the following:

DSA-2021-106: Dell Client Platform Security Update for Multiple Vulnerabilities in the BIOSConnect and HTTPS Boot features as part of the Dell Client BIOS
Summary: Dell is releasing remediations for multiple security vulnerabilities affecting the BIOSConnect and HTTPS Boot features.”

Of course, if you have a Dell laptop, you should be updating with this patch as soon as possible.

Tip of the day: To prevent attackers from capturing your password, Secure Sign-in asks the user to perform a physical action that activates the sign-in screen. In some cases, this is a dedicated “” button, but the most common case in is the Ctrl+Alt Del hotkey. In our tutorial, we show you how to activate this feature.

SourceDell
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News