Hackers are threatening millions of Dell PCs; here’s what you should do.
If you own a Dell laptop or desktop computer, you may be vulnerable to the latest hacker attack. Here’s everything you need to know about it.
A security vulnerability that affects at least 30 million devices globally has been issued to Dell laptop and desktop PC owners. The issue, which affects 129 different types of Dell laptops, desktops, and tablets, could allow hackers to carry out remote code execution assaults, according to researchers from firmware security platform Eclypsium.
On the CVSS scale, the Dell vulnerability is rated 8.3 out of 10, putting it comfortably in the “high” category. This indicates that the vulnerability is in the CVSS threat tier two.
Researchers uncovered four flaws in the BIOSConnect feature of Dell SupportAssist. This flaw could allow hackers to execute remote code execution attacks on these devices’ BIOS. Eclypsium noted in a blog post about their discovery, “These vulnerabilities allow an attacker to remotely execute code in the pre-boot environment.”
“Such code has the potential to change an operating system’s initial state, breaching OS-level security protections and contradicting common assumptions on the hardware/firmware layers. As attackers increasingly target vendor supply chains and system firmware, it’s more vital than ever for businesses to have independent visibility and control over their devices’ integrity.”
If you’re unsure whether your Dell device is affected, a complete list can be seen below. Premium Dell PCs, such as Alienware and XPS models, are among those affected by the problem.
Dell described the attack as having a “high” impact vulnerability in an online article.
“To exploit the vulnerability chain in BIOSConnect, a malicious actor must separately perform additional steps before a successful exploit, including compromising a user’s network, obtaining a certificate that is trusted by one of the Dell UEFI BIOS https stack’s built-in Certificate Authorities, and waiting for a user who is physically present at the system to use the BIOSConnection,” the laptop and PC maker said.
Fortunately, BIOS/UEFI updates are available for all impacted customers to download, which will keep them secure.
However, Dell users are urged to wait until the BIOSConnect feature has been upgraded before utilizing it.
Dell G15 5510, Dell G15 5511, Dell G3 3500, Dell G5 5500, Dell G7 7500, Dell G7. Alienware m15 R6, ChengMing 3990, ChengMing 3991, ChengMing 3990, ChengMing 3991, ChengMing 3990, ChengMing 3991, ChengMing 3990, ChengMing 3991, ChengMing 3990, ChengMing 3991, Chen “Brinkwire News in Condensed Form.”