Your new post is loading...
A major security flaw in Dell’s firmware updating and operating recovery software, BIOSConnect, potentially exposes tens of millions of devices that Dell preinstalled it on.
BleepingComputer reported on Thursday that researchers with security firm Eclypsium discovered a flaw in BIOSConnect, which is part of Dell’s standard SupportAssist software and updates the firmware on a computer’s system board, that could allow attackers to remotely execute malicious code. In a report, the researchers wrote that the vulnerability was so severe it could “enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls,” which would give them control “over the most privileged code on the device.”
There are four separate vulnerabilities, one of which involves insecure connections between a BIOS being updated and Dell’s servers that allow an attacker to redirect the machine to a maliciously modified update package. The remaining three are classified as overflow vulnerabilities. Eclypsium rated the bugs as severe security threats.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/topic/securite-pc-et-internet
Via Gust MEES
![Enterprise Gamification [Infographic] | business analyst | Scoop.it](https://img.scoop.it/E2-2futw88F2xApRS_CsSzl72eJkfbmt4t8yenImKBVvK0kTmF0xjctABnaLJIm9)
A major security flaw in Dell’s firmware updating and operating recovery software, BIOSConnect, potentially exposes tens of millions of devices that Dell preinstalled it on.
BleepingComputer reported on Thursday that researchers with security firm Eclypsium discovered a flaw in BIOSConnect, which is part of Dell’s standard SupportAssist software and updates the firmware on a computer’s system board, that could allow attackers to remotely execute malicious code. In a report, the researchers wrote that the vulnerability was so severe it could “enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls,” which would give them control “over the most privileged code on the device.”
There are four separate vulnerabilities, one of which involves insecure connections between a BIOS being updated and Dell’s servers that allow an attacker to redirect the machine to a maliciously modified update package. The remaining three are classified as overflow vulnerabilities. Eclypsium rated the bugs as severe security threats.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/topic/securite-pc-et-internet