Dell SupportAssist Bugs Affects 30 Million PCs

Share post:

According to reports, security researchers recently discovered four major vulnerabilities in BIOSConnect, a feature of Dell SupportAssist that provides firmware updates and OS recovery features.

Eclypsium researchers, the researchers behind the discovery explained that an identified problem tracked as CVE-2021-21571 led to an insecure TLS connection from BIOS to Dell along with three overflow vulnerabilities tracked as CVE-2021-21572, CVE-2021-21573 and CVE-2021-21574.

The vulnerabilities also come with a CVSS base value of 8.3/10 that allows privileged remote attackers to imitate Dell.com while taking control of the target device boot process to break OS-level security controls.

In a report shared with Bleeping Computer, the researchers from Eclypsium said: “Such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls. The issue affects 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs.”

The researchers also gave a rough estimate of the devices exposed during the attack at about 30 million.

For more information, read the original story in Bleeping Computer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday, March 1, 2024

This episode features a discussion on how hard it is to kill a ransomware gang, Canada's proposed new online harms bill, why organizations still allow staff to use vulnerable software

Healthcare sector “stretched thin” in fight against cyber attacks warns CSO of Health-ISAC

In an interview Errol Weiss talks about the challenges facing hospitals a

Cyber Security Today, March 1, 2024 – Warnings to GitHub users and Ivanti gateway administrators, and more

This episode reports on a recommendation that enterprises drop Ivanti Policy Secure and Connect Secure devices because threat actors can get around mitigations for recent vulne

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways