Security researchers have found four vulnerabilities in Dell’s BIOSConnect feature that could be abused in supply chain attacks to compromise computers’ Basic Input/Output System and Unified Extensible Firmware Interface (BIOS/UEFI) and take full control of the systems.
BIOSConnect is a remote operating system recovery and firmware update feature that is part of Dell’s SupportAssist software.
It is installed on most of the global computer vendor’s Windows systems.
Security vendor Eclypsium discovered that if an attacker is able to gain a privileged, machine-in-the-middle network position, it would be possible to execute arbitrary code within the BIOS/UEFI using a set of vulnerabilities.
Among the flaws Eclypsium found were insecure Transport Layer Security (TLS) configurations that allowed attackers to impersonate Dell to deliver arbitrary code to target computers.
After spoofing Dell, attackers could then exploit two vulnerabilities affecting the operating system recovery process, and one bug in the firmware updater, to run arbitrary code.
Eclypsium says 129 different Dell models have been shipped with the vulnerable BIOSConnect feature, affecting an estimated 30 million computers.
Dell has issued patches for the vulnerabilities, but Eclypsium suggests that BIOSConnect itself should not be used to install the fixed firmware.
Instead, Eclypsium says it’s advisable to download a patched and verified executable from Dell, and to run it locally on vulnerable machines.
Users who can’t update their BIOS/UEFI firmware are advised to disable BIOSConnect and the vulnerable HTTPS Boot feature.
Earlier this year, security vendor SentinelOne found a vulnerable Dell firmware update driver that allowed kernel-mode privilege escalation.
The Windows driver was shipped with hundreds of millions of Dell computers since 2009.
Used by 17 different PC vendors, the driver in question could bypass traditional security software and be used to fully compromise computers.