Vulnerability found affecting Dell SupportAssist (28th June, 2021)

Ref# AL2021_17 | Date: Jun 28th 2021

Security researchers have discovered four vulnerabilities in the BIOSConnect feature of Dell SupportAssist that allow a malicious user to remotely execute code within the BIOS of affected devices.

Summary

BIOSConnect offers network-based boot recovery, allowing the BIOS to connect to Dell's backend servers via HTTPS to download an operating system image, thereby enabling users to recover their systems when the local disk image is corrupted, replaced, or absent.

According to researchers, the BIOSConnect feature of the SupportAssist software, which is preinstalled on most Dell devices running Windows, enables remote attackers to impersonate dell.com and take control of the boot process of targeted devices, breaking OS-level security controls and giving the attacker unlimited control over the target device.

It is reported that this issue affects 129 Dell models of laptops, desktops and tablets, including devices that are protected by Secure Boot and Dell Secured-core PCs.

Users are advised not to update their BIOS using the BIOSConnect feature but instead use alternate methods to apply BIOS updates. Users who are not able to update the system BIOS immediately can disable BIOSConnect from the BIOS setup page.

Solution

Users are advised to update to the latest Dell Client BIOS version at the earliest opportunity.
