Millions of Dell Devices at Risk for Remote BIOS Attacks – CVE-2021-21571, CVE-2021-21572, CVE-2021-21573, CVE-2021-21574
Eclypsium researchers have identified multiple vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS.
This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate Dell.com and
gain arbitrary code execution at the BIOS/UEFI level of the affected device. Such an attack would enable adversaries to control the device’s boot process and
subvert the operating system and higher-layer security controls. The issue affects 129 Dell models of consumer and business laptops, desktops, and tablets, including
devices protected by Secure Boot and Dell Secured-core PCs.
These vulnerabilities enable an attacker to remotely execute code in the pre-boot environment.
Such code may alter the initial state of an operating system, violating common assumptions on the hardware/firmware layers and breaking OS-level security controls.
As attackers increasingly shift their focus to vendor supply chains and system firmware, it is more important than ever that organizations have independent visibility and
control over the integrity of their devices.
Users and administrators of the affected products who typically use BIOSConnect to update the BIOS are advised to use alternative methods to apply the BIOS updates, such as:
Use one of the Dell notification solutions(Ref:https://www.dell.com/support/kbdoc/en-us/000139419/support-notifications-overview-and-common-questions) to be notified and download BIOS updates automatically once available.
Download the update via Dell’s Drivers and Downloads(Ref:https://www.dell.com/support/home/en-us?app=drivers) site for the applicable products.
Flash the BIOS from the F12 One-Time Boot Menu.
For users and administrators who are unable to apply the BIOS updates immediately, Dell has provided interim mitigation measures (Ref:https://www.dell.com/support/kbdoc/en-us/000188682/dsa-2021-106-dell-client-platform-security-update-for-multiple-vulnerabilities-in-the-supportassist-biosconnect-feature-and-https-boot-feature)
to disable the BIOSConnect and HTTPS Boot features.
For More information :
PetitPotam: Microsoft Windows Server NTLM Relay Attacks on Active Directory Certificate Services (AD CS)
26 Jul 2021 - Security Advisories & Alerts
25 Jul 2021 - Security Advisories & Alerts