zdnet[.]com/article/biosconnect-code-execution-bugs-impact-millions-of-dell-devices/
Altogether, the security flaws could be exploited to impersonate Dell.com and attack the BIOS/UEFI level in a total of 128 Dell laptops, tablets, and desktop models, including those with Secure Boot enabled and Secured-core PCs, owned by millions of consumers and business users.
According to Eclypsium, "such an attack would enable adversaries to control the device's boot process and subvert the operating system and higher-layer security controls."
Dell device owners should accept BIOS/UEFI updates as soon as they are available -- and patches are due to be released today. The vendor has also provided mitigation options, as detailed in the firm's advisory.
"Dell remediated multiple vulnerabilities for Dell BIOSConnect and HTTPS Boot features available with some Dell Client platforms," Dell told ZDNet. "The features will be automatically updated if customers have Dell auto-updates turned on. We encourage customers to review the Dell Security Advisory (DSA-2021-106) for more information, and if auto-updates are not enabled, follow the remediation steps at their earliest convenience. Thanks to Eclypsium researchers for working directly with us to resolve the issue."