Eclypsium has discovered multiple security flaws in 129 different computer models that utilize Dell’s SupportAssist software, a report has revealed. According to Gizmodo, there are four separate vulnerabilities, one of which can allow attackers to redirect the connection between Dell’s BIOSConnect software and the Dell servers. If successful, the redirect would allow bad actors to force modified update packages onto the affected models. Researchers say the vulnerabilities essentially would allow attackers to gain access to affected machines through an exploit found within the boot configuration, as well as by impersonating Dell and delivering malicious content back to the machine. Perhaps one of the most concerning parts of this entire ordeal, however, is that Eclypsium discovered these flaws while using a secured-core PC, which means the Windows Secure Boot feature won’t protect any affected machines. Eclypsium first notified Dell of the issues back in March. Since then, the computer manufacturer has worked to create an updated version of the system that does not suffer from the same security flaws. Two of the vulnerabilities have been fixed on the server-side, while others are addressed in software updates. However, Dell says users will need to update their BIOS/UEFI on each device to completely remove the flaws from their systems. If you own a Dell computer and you’re concerned that your device may be included in the list of 129 affected models, you can check out the Dell Advisory to see if your model is on the list, as well as what BIOS version you should be running to remove any of the vulnerabilities.
