Skip to main content

A well-meaning feature leaves millions of Dell PCs vulnerable

posted onJune 27, 2021
by l33tdawg
Arstechnica
Credit: Arstechnica

Researchers have known for years about security issues with the foundational computer code known as firmware. It's often riddled with vulnerabilities, it's difficult to update with patches, and it's increasingly the target of real-world attacks. Now a well-intentioned mechanism to easily update the firmware of Dell computers is itself vulnerable as the result of four rudimentary bugs. And these vulnerabilities could be exploited to gain full access to target devices.

The new findings from researchers at the security firm Eclypsium affect 128 recent models of Dell computers, including desktops, laptops, and tablets. The researchers estimate that the vulnerabilities expose 30 million devices in total, and the exploits even work in models that incorporate Microsoft's Secured-core PC protections—a system specifically built to reduce firmware vulnerability. Dell is releasing patches for the flaws today.

"These vulnerabilities are on easy mode to exploit. It's essentially like traveling back in time—it's almost like the '90s again," says Jesse Michael, principal analyst at Eclypsium. "The industry has achieved all this maturity of security features in application and operating system-level code, but they're not following best practices in new firmware security features."

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th