Vulnerabilities in Dell laptops’ software allow hackers to execute code remotely in millions of devices

Cybersecurity experts reported the detection of at least four flaws in Dell SupportAsist’s BIOSConnect feature, the exploitation of which would allow threat actors to deploy remote code to affected devices. It should be noted that this software is preinstalled by default on most Dell computers running Windows systems, and BIOSConnect allows remote firmware update and some operating system recovery features.

This set of flaws received a score of 8.3/10 on the Common Vulnerability Scoring System (CVSS) scale, and its exploitation would allow privileged remote hackers on the target system to impersonate an official Dell service in order to take control of the operating system boot process and thus break any security controls enabled. So far no active exploitation attempts or a functional attack have been detected for the abuse of these flaws.

The report was presented by security firm Eclypsium, whose researchers say the problem lies in at least 129 Dell devices, including desktops, laptops and electronic tablets used by nearly 130 million users worldwide.

The flaws were described as an insecure TLS connection from BIOS to Dell (CVE-2021-21571) and three overflow errors (identified as CVE-2021-21572, CVE-2021-21573, and CVE-2021-21574). All vulnerabilities are independent and their exploitation would allow multiple risk scenarios, including the execution of arbitrary code in BIOS.

For security reasons, Eclypsium experts recommend users update the BIOS/UEFI of affected systems, as well as employ an alternative method to BIOSConnect for the installation of updates released by Dell. A detailed report on these findings is available on the company’s official platforms.

While CVE-2021-21573 and CVE-2021-21574 do not require users to take additional actions, the remaining flaws necessarily require the installation of updates for Dell ClientBIOS to mitigate the risk of exploitation.

Finally, it is recommended that users who are unable to update their systems soon can disable BIOSConnect from the BIOS setup page or by using Dell Command | Configure, the remote system administration tool.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.