BIOSConnect vulnerabilities put 30 million Dell computers at risk
Dell has released firmware updates to address vulnerabilities that could allow an attacker to compromise the BIOS over the network and take control of the system. The problem affects about 130 models of tablets, laptops and desktops - a total of about 30 million devices.
The vulnerabilities stem from the flawed implementation of the BIOSConnect mechanism in the SupportAssist utility, which Dell often preinstalls alongside Windows on its machines. The program is normally used to obtain help from Dell technical support with diagnostics, troubleshooting, OS recovery and downloading new firmware. BIOSConnect handles the encrypted exchange between the BIOS and Dell's backend servers.
Researchers at Eclypsium have found four vulnerabilities in this component:
CVE-2021-21571 - improper SSL certificate validation when attempting to connect to Dell, CVSS score: 5.9; the flaw could allow a man-in-the-middle (MitM) attack, which may lead to payload tampering and delivery of malicious code to the victim;
CVE-2021-21572, CVE-2021-21573, CVE-2021-21574 - buffer overflows, CVSS score: 7.2; these bugs could allow a malicious admin user with local access to the system to run arbitrary code and bypass BIOS/UEFI restrictions.
The authors of the findings noted that chaining these vulnerabilities could allow an attacker to control the OS boot process. The attacker could also disable system protections in order to remain undetected. Notably, such an attack is possible even when Secure Boot, a security feature designed to prevent rootkits from being installed, is enabled.
The complete list of affected products can be found in the company's security advisory. The vendor has eliminated all identified vulnerabilities: CVE-2021-21573 and CVE-2021-21574 were remediated on the server side, while firmware updates were released for the remaining two flaws, and users are advised to install them. If this is not possible, the BIOSConnect and HTTPS Boot features should be disabled.
Source: anti-malware.ru
25 June 2021