Eclypsium security experts have discovered a technique to exploit a collection of high-severity flaws that leave millions of Dell machines vulnerable to covert hacker attacks.
The issue affects 129 Dell models of consumer and business laptops, desktops, and tablets, according to Eclypsium, a firmware security company. This includes devices that use Microsoft’s new Secured-core PC protections.
The findings, which affect an estimated 30 million Dell computers, were documented in a technical report issued by the company. For its part, Dell published software fixes along with a warning that this is a high-impact issue.
Dell distributed remedies for at least four CVEs identified by Eclypsium researchers Mickey Shkatov and Jesse Michael. At this year’s DEF CON security conference, the researchers plan to discuss the flaws and their possible implications.
The vulnerabilities were discovered by Eclypsium researchers in the BIOSConnect feature of the Dell Client BIOS. “[This problem] allows a privileged network adversary to impersonate Dell.com and obtain arbitrary code execution on the affected device’s BIOS/UEFI level,” Shkatov and Michael stated in their published research, adding that such an attack would allow adversaries to manipulate the device’s boot process and corrupt the operating system and higher-layer security protections.
“An attacker can use these flaws to remotely execute code in the pre-boot environment,” the researchers said. “Such code may change the initial state of an operating system, contradicting common assumptions on the hardware/firmware layers and bypassing OS-level security protections.”
The troublesome BIOSConnect feature is part of a separate update mechanism called SupportAssist, which is used to handle Dell computer updates and remote administration.
An improper certificate validation vulnerability exists in the Dell UEFI BIOS HTTPS stack, which is used by the Dell BIOSConnect feature and the Dell HTTPS Boot feature. “A remote unauthenticated attacker might use a person-in-the-middle attack to exploit this vulnerability, resulting in a denial of service and payload tampering,” Dell cautioned in its advisory.
Dell validated and corrected three additional Eclypsium flaws, including a buffer overflow bug in Dell BIOSConnect that might allow an authorized malicious admin user with local access to the system to run arbitrary code and circumvent UEFI restrictions.
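To make concrete what “improper certificate validation” lets a person-in-the-middle do, here is an added example (not Dell’s or Eclypsium’s code) contrasting a client that only checks the issuing CA with one that also binds the certificate to the expected host and checks validity. The certificates, the CA name and the hostnames are constructed placeholders; the page does not detail Dell’s specific defect, so the weak variant is illustrative only.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample peer certificates in the dict shape ssl.SSLSocket.getpeercert()
# returns; issuer and names are illustrative placeholders, not real Dell certificates.
GENUINE_CERT = {
    "issuer": ((("commonName", "Example Trusted CA"),),),
    "subjectAltName": (("DNS", "www.dell.com"), ("DNS", "*.dell.com")),
    "notAfter": "Jan 10 00:00:00 2030 GMT",
}
IMPOSTOR_CERT = {  # a perfectly valid cert, but for a host the attacker controls
    "issuer": ((("commonName", "Example Trusted CA"),),),
    "subjectAltName": (("DNS", "updates.example.net"),),
    "notAfter": "Jan 10 00:00:00 2030 GMT",
}
TRUSTED_ISSUERS = {"Example Trusted CA"}  # stands in for the firmware's CA store


def _issuer_cn(cert):
    return dict(pair for rdn in cert["issuer"] for pair in rdn).get("commonName")


def _name_matches(pattern, host):
    """RFC 6125 matching: case-insensitive, wildcard only as the whole leftmost
    label, matching exactly one label (so *.dell.com never matches dell.com)."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if "*" not in pattern:
        return p == h
    return p[0] == "*" and len(p) >= 3 and len(p) == len(h) and p[1:] == h[1:]


def weak_validate_peer(cert, expected_host):
    """Chain check only: any cert from a trusted CA is accepted, whoever it names.
    expected_host is deliberately ignored, which is the weakness being shown."""
    return _issuer_cn(cert) in TRUSTED_ISSUERS


def validate_peer(cert, expected_host, now=None):
    """Issuer, validity period and hostname binding; returns (ok, reason)."""
    now = now or datetime.now(timezone.utc)
    if _issuer_cn(cert) not in TRUSTED_ISSUERS:
        return False, "issuer not trusted"
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if now >= expiry:
        return False, "certificate expired"
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(_name_matches(n, expected_host) for n in sans):
        return False, "hostname mismatch"
    return True, "ok"
```

The weak variant accepts the impostor certificate for www.dell.com, which is exactly what lets an on-path adversary impersonate the update server and tamper with the payload; the full check rejects it.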
Eclypsium warns that the combination of remote exploitability and high privileges will certainly attract attackers in the future.