Eclypsium researchers have discovered four vulnerabilities in the BiosConnect functionality of Dell computers. When chained together, these vulnerabilities pose a significant risk. Dell has been aware of the issues since March and recommends a BIOS update.
The vulnerabilities were found in Dell's BiosConnect function. This is a feature of the SupportAssist software, which comes pre-installed on most Dell computers. Via BiosConnect, users can perform an operating system recovery and/or a firmware update on affected computers. "The computer communicates with Dell servers for this," the researchers say. "In the process, we discovered a series of four vulnerabilities that could allow attackers to execute arbitrary code at the BIOS level."
According to the researchers, malicious parties can influence the loading process of the operating system and disable security mechanisms in order to remain unnoticed. They state that 129 models are at risk. By their estimate, this amounts to more than 30 million Dell devices. The researchers provide more information on their blog page. Full technical details will be revealed in August at the DEF CON 29 hacker conference, which will be held in Las Vegas from August 5-8.
Dell states on its support page that it has since been able to fix two of the four vulnerabilities because they were on the server side. For the other two vulnerabilities, Dell recommends flashing the BIOS of a Dell device manually, not through the BiosConnect software.