A series of massive security holes in the SupportAssist suite, preinstalled on 129 Dell PC models, threatens the security of more than 30 million machines. Dell has already posted several fixes.
Dell is one of those PC manufacturers who preinstall their software suite on new machines. The user can completely uninstall it. It is by no means essential for the operation of Dell PCs which may very well be satisfied with Windows Update, and a few manual updates of BIOS drivers and firmware from time to time.
Nevertheless this practice always poses an additional security risk to users, and the latest report from the firm Eclypsium does nothing to contradict this observation. Four security vulnerabilities have in fact been discovered, with a CVSS score of 8.3 / 10, which shows that they are, taken together, very dangerous.
Also read: Dell sued for false advertising on Alienware PC
Dell Releases Patches Following Discovery of Security Flaws
They allow remote attackers to pretend to be Dell.com, to take control of the boot procedure on the targeted machine, so thatit becomes possible to break devices that are the basis of Windows security. Most of these flaws lie in the “SupportAssist” suite and the “BIOSConnect” component.
SupportAssist is “Preinstalled on most Dell PCs running Windows”, as for BIOSConnect, it is about providing remote firmware updates, as well as managing part of the system recovery. Eclypsium explains: “Such an attack would allow adversaries to take control of the boot process and subvert high level operating system security controls”.
The firm adds: “The problem affects 129 Dell computer models in the consumer and business segments with laptops, desktops and tablets, including when these devices are protected by Secure Boot, as well as so-called ‘Dell Secured-core’ PCs” . In all, this represents no less than 30 million PCs.
In details, one of the vulnerabilities allows an insecure TLS connection between BIOS and Dell (CVE-2021-21571). While the three other flaws are of the “buffer memory size overflow” type (CVE-2021-21572, CVE-2021-21573 and CVE-2021-21574). Two of the flaws “Affect the system recovery process” while the others affect the BIOS update process.
This is not the first time that Dell software has been singled out
All of them can, taken independently, lead to the execution of an arbitrary code in the BIOS. According to Eclypsium, all affected users will need to update their BIOS. The firm nevertheless recommends not to follow Dell’s advice and to use an alternative to the BIOSConnect software. The vulnerabilities CVE-2021-21573 and CVE-2021-21574 have already been fixed in the cumulative update of May 28, 2021.
CVE-2021-21571 and CVE-2021-21572 flaws will only be completely corrected after updating the machine’s firmware. If you cannot update immediately, it is recommended to deactivate BIOSConnect now from the BIOS page when starting the computer. This is not the first time that Dell customers have been affected by flaws in the manufacturer’s software.
Last month, Dell fixed a flaw that allowed an elevation of privilege attack. In 2020, a SupportAssist flaw was fixed – it allowed nothing less than remote arbitrary code execution and elevation of privilege. Which already looked like what happened two years ago, when the same type of flaws in SupportAssist had already been reported. And we even find a report dating from 2015, with the same type of report.
If you have a Dell machine, it is therefore recommended that you review the software preinstalled by the manufacturer and uninstall most of it.. The only ones that may be a little essential to you are the software that allows you to adjust the RGB lighting on Alienware computers.
For the rest, most updates can be done by themselves via Windows Update, with only, we told you, some manual installation of drivers when justified. In the end, you will strengthen your security, without too much negative impact on the user experience.