A key security flaw in Dell’s SupportAssist software was recently discovered by Eclypsium’s security researchers. This is something that all Dell PC owners should be aware of, since the software is pre-installed on the majority of Dell machines running Windows in today’s market. On a scale of 1 to 10, the severity of the flaw is rated 8.3. Remote attackers can impersonate the Dell website to gain complete control of the target machine.
Operating system (OS)-level security protocols will be easily bypassed during the boot process. Anyone who does computer repairs should also know about this so they can address it head-on.
SupportAssist Issues
As mentioned earlier, SupportAssist is already preinstalled on a majority of Windows OS Dell devices. The OS recovery features and remote firmware updates come from BIOSConnect.
Dell computer owners have been through quite a few incidents involving security vulnerabilities in SupportAssist. Back in May 2019, a high-severity remote code execution (RCE) vulnerability in SupportAssist was patched. It was caused by an improper origin validation weakness. Another patch followed just last year, in February of 2020, for a DLL search-order hijacking bug. It gave local attackers the means to execute arbitrary code with Administrator privileges on vulnerable devices.
More recently, Dell had to address a flaw in the DbUtil driver found in millions and millions of devices. It allowed non-admin users to escalate their privileges to kernel level.
Suffice to say, SupportAssist has had a number of vulnerability issues over the past couple of years.
Vulnerabilities
Dell SupportAssist’s BIOSConnect feature was found to have four security vulnerabilities that are quite hefty. Half of them affect the firmware update process, while the other half affect the OS recovery process. Remote attackers could execute code within a device’s BIOS. Even Dell devices that are protected through Secure Boot and Dell Secured-core PCs are affected; all in all, there are over a hundred models of consumer and business tablets, laptops and desktops.
The good news is that CVE-2021-21573 and CVE-2021-21574 were addressed server-side back in late May. However, CVE-2021-21571 and CVE-2021-21572 still need to be addressed through Dell Client BIOS updates. These vulnerabilities could let a remote attacker exploit the UEFI firmware of a host, giving them control over the device’s most privileged code.
In light of this, affected Dell users should not update their BIOS with BIOSConnect. Instead, they should find an alternative way to update their BIOS/UEFI. Professionals who do computer repairs can assist with this for users who may not be tech-savvy or are worried they won’t do it correctly.
Conclusion
The latest issue with Dell’s SupportAssist feature lies in a major security vulnerability. On a scale of 1 to 10, the problem is a solid 8.3, according to experts. It’s a security flaw that affects over 129 models of the company’s devices, such as laptops and desktops all over the world, since SupportAssist is typically pre-installed on most Dell machines.
Need to get computer repairs on the Gold Coast done? Reach out to Mobile PC Pro! Our team of experienced technicians can repair, debug, monitor, review and solve any computer-related challenges you or your business are facing.