A new patch for Dell laptops, desktops, and tablets fixes four severe vulnerabilities that could let hackers take over devices. The flaws likely affected over 30 million computers. They appear in the Dell BIOSConnect feature, which was designed to enable remote recovery and firmware updates but also left a door open for attackers to gain remote access.
Security researchers at enterprise device security company Eclypsium discovered the vulnerabilities and said that the issues affect as many as 129 types of Dell laptops, desktops, and tablets, including some models built specifically for enterprises and fortified with the Secure Boot security standard.
“These vulnerabilities enable an attacker to remotely execute code in the pre-boot environment. Such code may alter the initial state of an operating system, violating common assumptions on the hardware/firmware layers and breaking OS-level security controls,” the researchers said. According to the researchers, the vulnerabilities were discovered on March 2 and reported to Dell the next day.
What is the BIOSConnect vulnerability?
BIOSConnect is part of Dell’s SupportAssist remote support system and comes pre-installed on most Windows-based Dell machines. It allows employers, for instance, to perform remote OS recovery on an employee’s laptop or computer.
However, the four vulnerabilities (CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, and CVE-2021-21574) allow insecure connections for firmware updates and could allow attackers to execute arbitrary code, making them dangerous.
What can you do right now?
If you have a Dell laptop, desktop, or tablet, the safest thing to do right now is to disable the BIOSConnect feature until you receive the patch. Newer laptops like the Alienware m15 R6, Dell G5 15 5500, Dell G7 (7500), Dell Inspiron 13 (5310), and the Dell Latitude 7320 have already begun getting the patch, and desktops like the OptiPlex 7090 Tower and the OptiPlex 7780 All-in-One have begun receiving it too. Meanwhile, Dell’s support page has already provided a few workarounds.